CVE-2018-6559
LOWLinux Kernel - Unauthorized File Name Exposure via overlayfs User Namespace Mount
Title source: llmDescription
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace.
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105752
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3836-2/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3835-1/
Third Party Advisory x_refsource_confirm
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-6559.html
Third Party Advisory x_refsource_confirm
https://lists.ubuntu.com/archives/kernel-team/2018-October/096172.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3833-1/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3832-1/
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://launchpad.net/bugs/1793458
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3836-1/
Scores
CVSS v3
3.3
EPSS
0.0008
EPSS Percentile
24.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (4)
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
18.10
linux/linux_kernel
Published
Oct 26, 2018
Tracked Since
Feb 18, 2026