CVE-2018-11506

Published: 2018-05-28T00:29:00.223-04:00
Last modified: 2019-03-27T12:10:46.887-04:00

Vulnerable software (CPE):
  cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
  cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
  cpe:/o:debian:debian_linux:8.0
  cpe:/o:linux:linux_kernel:4.16.12

CVSS base metrics:
  Score: 7.2
  Access vector: LOCAL
  Access complexity: LOW
  Authentication: NONE
  Confidentiality impact: COMPLETE
  Integrity impact: COMPLETE
  Availability impact: COMPLETE
  Source: http://nvd.nist.gov
  Generated on: 2019-03-20T12:10:53.123-04:00

References:
  REDHAT RHSA-2018:2948
  UBUNTU USN-3752-1
  UBUNTU USN-3752-2
  UBUNTU USN-3752-3
  MLIST [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
  MLIST [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
  MLIST [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
  MISC http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f7068114d45ec55996b9040e98111afa56e010fe
  MISC https://github.com/torvalds/linux/commit/f7068114d45ec55996b9040e98111afa56e010fe
  MISC https://twitter.com/efrmv/status/1001574894273007616

Summary:
The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call.