Vulnetix
Try Vulnetix Request Demo
CVE-2018-10940 PUBLISHED

The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.

EPSS 0.06% · 17.4th percentile

Risk Scores

EPSS Score
0.06%
17.4th percentile

Affected Products

VendorProductVersions
Ubuntu:22.04:LTSlinux-intel-iot-realtime5.15.0-1073.75, 0
Ubuntu:16.04:LTSlinux-azure0, 4.11.0-1009.9, 4.11.0-1011.11
Ubuntu:Pro:FIPS:16.04:LTSlinux-fips0, 4.4.0-1003.3, 4.4.0-1005.5
Ubuntu:14.04:LTSlinux3.12.0-2.7, 3.12.0-2.5, 3.12.0-1.3
Ubuntu:18.04:LTSlinux-azure4.15.0-1012.12, 4.15.0-1009.9, 4.15.0-1008.8
Ubuntu:18.04:LTSlinux4.15.0-20.21, 4.15.0-12.13, 4.15.0-22.24
Ubuntu:16.04:LTSlinux-gcp4.13.0-1002.5, 4.13.0-1019.23, 4.13.0-1017.21
Ubuntu:18.04:LTSlinux-raspi20, 4.15.0-1012.13, 4.15.0-1011.12
Ubuntu:22.04:LTSlinux-realtime0, 5.15.0-1032.35
Ubuntu:20.04:LTSlinux-riscv5.4.0-24.28, 5.4.0-26.30, 5.4.0-27.31
Ubuntu:16.04:LTSlinux-raspi24.4.0-1050.57, 0, 4.2.0-1013.19
Ubuntu:14.04:LTSlinux-aws4.4.0-1022.22, 4.4.0-1005.5, 4.4.0-1006.6
Ubuntu:18.04:LTSlinux-aws4.15.0-1006.6, 4.15.0-1003.3, 4.15.0-1001.1
Ubuntu:24.04:LTSlinux-hwe-6.116.11.0-28.28~24.04.1, 6.11.0-26.26~24.04.1, 6.11.0-25.25~24.04.1
Ubuntu:20.04:LTSlinux-raspi25.4.0-1004.4, 0, 5.3.0-1007.8
Ubuntu:Pro:20.04:LTSlinux-azure-fde-5.155.15.0-1040.47~20.04.1.1, 5.15.0-1103.112~20.04.1.1, 5.15.0-1102.111~20.04.1.1
Ubuntu:16.04:LTSlinux-snapdragon4.4.0-1026.29, 4.4.0-1030.33, 4.4.0-1093.98
Ubuntu:14.04:LTSlinux-lts-xenial4.4.0-38.57~14.04.1, 4.4.0-59.80~14.04.1, 4.4.0-22.39~14.04.1
Ubuntu:24.04:LTSlinux-raspi-realtime6.8.0-2019.20, 0
Ubuntu:24.04:LTSlinux-azure-6.116.11.0-1008.8~24.04.1, 6.11.0-1018.18~24.04.1, 6.11.0-1017.17~24.04.1

…and 12 more

Timeline

References

Open in Interactive Console →