{
  "threat_severity" : "Moderate",
  "public_date" : "2017-12-19T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass",
    "id" : "1539706",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1539706"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-200",
  "details" : [ "The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.", "The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call." ],
  "statement" : "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG 2, as KASLR feature is not present or enabled in these products.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-04-10T00:00:00Z",
    "advisory" : "RHSA-2018:0676",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-862.rt56.804.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-04-10T00:00:00Z",
    "advisory" : "RHSA-2018:1062",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-862.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-10-30T00:00:00Z",
    "advisory" : "RHSA-2018:2948",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-alt-0:4.14.0-115.el7a"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-5750\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5750" ],
  "name" : "CVE-2018-5750",
  "csaw" : false
}