CVE-2018-20509
Publication date 30 April 2019
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
The print_binder_ref_olocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading " ref *desc *node" lines in a debugfs file.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Ignored end of ESM support, was ignored [was needs-triage ESM criteria] | |
linux-aws | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Ignored end of ESM support, was ignored [was needed ESM criteria] | |
linux-aws-hwe | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-azure | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.15.0-1013.13~16.04.2
|
|
14.04 LTS trusty | Ignored end of ESM support, was ignored [was needs-triage ESM criteria] | |
linux-azure-edge | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.15.0-1013.13~16.04.2
|
|
14.04 LTS trusty | Not in release | |
linux-euclid | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored end of life, was needs-triage | |
14.04 LTS trusty | Not in release | |
linux-flo | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Not in release | |
linux-gcp | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.15.0-1014.14~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-gcp-edge | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored end of standard support | |
14.04 LTS trusty | Not in release | |
linux-gke-4.15 | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-goldfish | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored end of life | |
14.04 LTS trusty | Not in release | |
linux-grouper | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.15.0-24.26~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-edge | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.15.0-24.26~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-kvm | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-lts-trusty | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-utopic | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-vivid | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-wily | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-xenial | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Ignored end of ESM support, was ignored [was needs-triage ESM criteria] | |
linux-maguro | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mako | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored abandoned | |
14.04 LTS trusty | Not in release | |
linux-manta | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Ignored end of standard support, was needs-triage | |
14.04 LTS trusty | Not in release | |
linux-oracle | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-raspi2 | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-snapdragon | ||
18.04 LTS bionic |
Fixed 4.15.0-1053.57
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release |
Notes
tyhicks
debugfs is only accessible by the root user in Ubuntu The patch that is listed as the fix for this issue quietly fixes the info leak while being focused on improving locking. Only the info leak is referenced by this CVE.
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 · Medium |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |