CVE-2018-16862
MEDIUM
Linux Kernel < 4.14 - Unauthorized Data Exposure via Cleancache Inode Reuse
Title source: llm
Description
A security flaw was found in the way the Linux kernel's cleancache subsystem clears an inode after the final file truncation (removal). A new file created with the same inode may contain leftover pages from cleancache and the old file's data instead of the new file's data.
References (11)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106009
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3879-2/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://seclists.org/oss-sec/2018/q4/169
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3879-1/
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://lore.kernel.org/patchwork/patch/1011367/
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4094-1/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4118-1/
Scores
CVSS v3: 5.3
EPSS: 0.0003
EPSS Percentile: 7.5%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
Details
CWE: CWE-200
Status: published
Products (5)
canonical/ubuntu_linux: 14.04
canonical/ubuntu_linux: 16.04
debian/debian_linux: 8.0
linux/linux_kernel: < 4.14
redhat/enterprise_linux: 7.0
Published: Nov 26, 2018
Tracked Since: Feb 18, 2026