{"api_version":"1","generated_at":"2026-04-23T02:35:27+00:00","cve":"CVE-2018-16862","urls":{"html":"https://cve.report/CVE-2018-16862","api":"https://cve.report/api/cve/CVE-2018-16862.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-16862","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-16862"},"summary":{"title":"CVE-2018-16862","description":"A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2018-11-26 19:29:00","updated_at":"2019-04-01 21:29:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"https://usn.ubuntu.com/3879-2/","name":"USN-3879-2","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3879-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lore.kernel.org/patchwork/patch/1011367/","name":"https://lore.kernel.org/patchwork/patch/1011367/","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Vendor Advisory"],"title":"mm: cleancache: fix corruption on missed inode invalidation - Patchwork","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/3879-1/","name":"USN-3879-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3879-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/106009","name":"106009","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Linux Kernel CVE-2018-16862 Local Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html","name":"[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 1715-1] linux-4.9 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","name":"[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1731-2] linux regression update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4118-1/","name":"USN-4118-1","refsource":"UBUNTU","tags":[],"title":"USN-4118-1: Linux kernel (AWS) vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","name":"[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 1731-1] linux security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4094-1/","name":"USN-4094-1","refsource":"UBUNTU","tags":[],"title":"USN-4094-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862","refsource":"CONFIRM","tags":["Issue Tracking","Third Party Advisory"],"title":"1649017 – (CVE-2018-16862) CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after reuse of old inodes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/oss-sec/2018/q4/169","name":"[oss-security] 20181123 CVE-2018-16862: Linux kernel: cleancache: deleted files infoleak","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"oss-sec: CVE-2018-16862: Linux kernel: cleancache: deleted files infoleak","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-16862","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16862","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"16862","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16862","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16862","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16862","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16862","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16862","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16862","vulnerable":"1","versionEndIncluding":"4.14","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16862","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"16862","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-16862","qid":"610324","title":"Google Android March 2021 Security Patch Missing for Huawei EMUI"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2018-16862","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-200","cweId":"CWE-200"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"[UNKNOWN]","product":{"product_data":[{"product_name":"kernel:","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"https://usn.ubuntu.com/3879-1/","refsource":"MISC","name":"https://usn.ubuntu.com/3879-1/"},{"url":"https://usn.ubuntu.com/3879-2/","refsource":"MISC","name":"https://usn.ubuntu.com/3879-2/"},{"url":"http://www.securityfocus.com/bid/106009","refsource":"MISC","name":"http://www.securityfocus.com/bid/106009"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862"},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"},{"url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"},{"url":"https://lore.kernel.org/patchwork/patch/1011367/","refsource":"MISC","name":"https://lore.kernel.org/patchwork/patch/1011367/"},{"url":"https://seclists.org/oss-sec/2018/q4/169","refsource":"MISC","name":"https://seclists.org/oss-sec/2018/q4/169"},{"url":"https://usn.ubuntu.com/4094-1/","refsource":"MISC","name":"https://usn.ubuntu.com/4094-1/"},{"url":"https://usn.ubuntu.com/4118-1/","refsource":"MISC","name":"https://usn.ubuntu.com/4118-1/"}]},"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N","version":"3.0"}]}},"nvd":{"publishedDate":"2018-11-26 19:29:00","lastModifiedDate":"2019-04-01 21:29:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.14","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"16862","Ordinal":"133673","Title":"CVE-2018-16862","CVE":"CVE-2018-16862","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"16862","Ordinal":"1","NoteData":"A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"16862","Ordinal":"2","NoteData":"2018-11-26","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"16862","Ordinal":"3","NoteData":"2019-09-02","Type":"Other","Title":"Modified"}]}}}