APPLIED[T/X/B/C]: [PATCH 0/1][T/X/B/C/D] CVE-2018-18710 - Information leak in cdrom driver

Khaled Elmously khalid.elmously at
Thu Nov 29 07:22:38 UTC 2018

On 2018-11-20 00:48:40, Tyler Hicks wrote:
>  An issue was discovered in the Linux kernel through 4.19. An information
>  leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by
>  local attackers to read kernel memory because a cast from unsigned long to
>  int interferes with bounds checking. This is similar to CVE-2018-10940 and
>  CVE-2018-16658.
>
> Clean cherry pick all the way back to Trusty. I was unable to test this
> specific line of code in the cdrom ioctl handler because I think it requires a
> cdrom with multiple disc slots. However, the build logs are clean and the fix
> is easy to review.
>
> Tyler
> -- 
> kernel-team mailing list
> kernel-team at
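
The bounds-check truncation described in the quoted CVE text, as an added example that is not part of the original message and is not the kernel's code. `SLOT_COUNT`, `check_with_cast` and `check_full_width` are hypothetical names in a constructed model, and it assumes a compiler where an out-of-range unsigned-to-int conversion wraps (as GCC and Clang do).

```c
#include <limits.h>
#include <stdio.h>

/* Constructed stand-in for a changer's slot count; not a value from the kernel. */
#define SLOT_COUNT 4

/* Pre-fix pattern: the caller-supplied unsigned long is narrowed to int
 * before the comparison. Values that wrap to a negative int compare as
 * "less than capacity" and are accepted. Returns 1 if accepted. */
static int check_with_cast(unsigned long arg, int capacity)
{
    if ((int)arg >= capacity)
        return 0;   /* rejected (a driver would return -EINVAL) */
    return 1;       /* accepted, even though arg may be far out of range */
}

/* Hardened pattern: compare at full width as unsigned, so no value of
 * arg at or above capacity can slip through. Returns 1 if accepted. */
static int check_full_width(unsigned long arg, int capacity)
{
    if (capacity < 0 || arg >= (unsigned long)capacity)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample inputs: two valid slots, the first invalid slot,
     * and two values whose int conversion is negative. */
    const unsigned long samples[] = {
        0, 3, 4, (unsigned long)INT_MAX + 5, ULONG_MAX
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("arg=%#lx cast_check=%d full_width_check=%d\n", samples[i],
               check_with_cast(samples[i], SLOT_COUNT),
               check_full_width(samples[i], SLOT_COUNT));
    return 0;
}
```

Any input for which the two checks disagree is a value the narrowed comparison lets through, which makes this pairing usable as a regression test when reviewing similar ioctl argument checks.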
