CVE-2018-5750 in Linux

Summary

by MITRE

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

Analysis

by VulDB Data Team • 09/14/2025

The vulnerability identified as CVE-2018-5750 resides in the Linux kernel's ACPI subsystem, specifically in the acpi_smbus_hc_add function in drivers/acpi/sbshc.c. This flaw is an information disclosure weakness that affects kernel versions through 4.14.15, creating a significant security risk for systems that use ACPI-based hardware management. The vulnerability manifests when the system probes SBS HC (Smart Battery Subsystem Hardware Controller) devices, which are commonly found in laptops and portable computing devices that require battery monitoring and management. The issue stems from insufficient sanitization of debug output in the kernel's ACPI hardware controller initialization routine, which lets local users extract kernel memory addresses from the kernel's message buffer.

The technical flaw occurs when the acpi_smbus_hc_add function generates debug print messages containing memory addresses through printk calls that are subsequently stored in the kernel's dmesg buffer. This function is responsible for adding ACPI SBS hardware controllers to the system, and during this process, it inadvertently exposes kernel memory addresses to local users who can access the dmesg output. The vulnerability is classified under CWE-200, which deals with exposure of sensitive information to an unauthorized actor, and represents a classic case of information disclosure through improper logging mechanisms. The flaw is particularly concerning because it provides attackers with kernel virtual memory addresses that can be used in subsequent exploitation attempts, such as kernel address space layout randomization (ASLR) bypass techniques.

The operational impact of this vulnerability extends beyond simple information disclosure, as it provides attackers with critical information that can facilitate more sophisticated attacks. Local users who can access the dmesg buffer gain access to kernel memory addresses that may be used to circumvent security mechanisms like ASLR, which is designed to randomize memory layout to prevent exploitation. The vulnerability affects systems running Linux kernel versions up to 4.14.15, making it particularly relevant for organizations using older kernel versions or those that have not yet applied the necessary security patches. Attackers could potentially use the disclosed addresses to craft more effective exploit payloads, particularly in scenarios involving privilege escalation or kernel exploitation attempts. The vulnerability is also significant in the context of the ATT&CK framework, specifically under the information gathering phase where adversaries collect system information, and potentially in privilege escalation techniques that leverage kernel memory addresses.

Mitigation strategies for CVE-2018-5750 primarily involve applying the appropriate kernel security patches released by the Linux kernel community. System administrators should immediately update to kernel versions 4.14.16 or later, where the vulnerability has been addressed through modifications to the printk calls within the acpi_smbus_hc_add function. Additionally, organizations should implement proper access controls to limit local user privileges and restrict access to kernel message buffers. The fix typically involves removing or sanitizing the memory address information from debug print statements, ensuring that sensitive kernel information is not exposed through dmesg output. System hardening measures such as disabling unnecessary ACPI hardware controller support, implementing proper logging controls, and conducting regular security audits of kernel modules can further reduce the attack surface. Organizations should also monitor for potential exploitation attempts by watching for unusual dmesg access patterns or attempts to gather system information that might indicate an active attack. The vulnerability highlights the importance of proper kernel debugging output sanitization and demonstrates how seemingly benign debug information can become a security risk when not properly managed.
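The following audit script is an added example, not VulDB's analysis code or the Linux kernel's own code. It ties together the two points above: the leak itself (a raw kernel pointer printed by the SBS HC printk call and readable from dmesg) and the mitigations (running a kernel at or above 4.14.16, and restricting unprivileged access to the message buffer). It assumes a Linux host and uses platform.release() for the kernel version, /proc/sys/kernel/dmesg_restrict for the sysctl, and the dmesg command for the log. SAMPLE_DMESG is constructed for illustration and is not output captured from an affected kernel; the message shapes in it are assumptions, not the exact strings the driver prints.

```python
"""Audit helpers for the CVE-2018-5750 class of leak: raw kernel pointers in dmesg.

Added example, not VulDB's or the Linux kernel's own code. It assumes a Linux
host (platform.release() for the kernel version, /proc/sys/kernel/dmesg_restrict
for the sysctl, the `dmesg` command for the log). SAMPLE_DMESG below is
constructed for illustration and is not output captured from an affected kernel.
"""
import platform
import re
import subprocess
from typing import Dict, List, Tuple

# First release the advisory names as fixed; anything below it is "through 4.14.15".
FIXED_VERSION = (4, 14, 16)

# Canonical x86-64 kernel virtual addresses sit in the upper half of the address
# space, so a 16-hex-digit value beginning with ffff is a strong signal that a raw
# pointer was printed, as opposed to the hashed form that %p emits on kernels
# since 4.15 or the zeros that %pK shows to unprivileged readers.
KERNEL_PTR_RE = re.compile(r"\b(?:0x)?ffff[0-9a-f]{12}\b")

# Constructed sample log (message shapes are assumptions). Line 1 has the
# pointer removed, line 2 leaks a raw pointer, line 3 shows a hashed %p value.
SAMPLE_DMESG = [
    "[    1.201543] ACPI: SBS HC: offset = 0x62, query_bit = 0x10",
    "[    1.201544] ACPI: SBS HC: EC = ffff880012345678, offset = 0x62, query_bit = 0x10",
    "[    1.250007] example_driver: base = 00000000a1b2c3d4",
    "[    1.330012] ACPI: Smart Battery System [SBS0]",
]


def parse_kernel_version(release: str) -> Tuple[int, int, int]:
    """Reduce a `uname -r` string such as '4.14.15-1-generic' to (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable_version(release: str) -> bool:
    """True for kernels through 4.14.15, the range the advisory names as affected."""
    return parse_kernel_version(release) < FIXED_VERSION


def find_leaked_pointers(dmesg_lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, address) for every kernel-looking pointer in the log."""
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(dmesg_lines, start=1):
        for m in KERNEL_PTR_RE.finditer(line):
            hits.append((lineno, m.group(0)))
    return hits


def dmesg_restricted(sysctl_value: str) -> bool:
    """kernel.dmesg_restrict=1 limits dmesg to CAP_SYSLOG holders, closing the
    unprivileged read path this CVE relies on even on an unpatched kernel."""
    return sysctl_value.strip() == "1"


def audit(release: str, dmesg_lines: List[str], restrict_value: str) -> Dict[str, object]:
    """Combine the version, sysctl and log checks into one report."""
    leaks = find_leaked_pointers(dmesg_lines)
    restricted = dmesg_restricted(restrict_value)
    return {
        "kernel_in_affected_range": is_vulnerable_version(release),
        "dmesg_restricted": restricted,
        "leaked_pointers": leaks,
        # Leaked pointers only reach unprivileged local users when dmesg is open.
        "exposed_to_local_users": bool(leaks) and not restricted,
    }


def _read_host_state() -> Tuple[str, List[str], str]:
    """Best-effort collection from the running host; failures degrade to safe defaults."""
    try:
        with open("/proc/sys/kernel/dmesg_restrict") as fh:
            restrict = fh.read()
    except OSError:
        restrict = "0"
    try:
        out = subprocess.run(["dmesg"], capture_output=True, text=True, check=False).stdout
    except OSError:
        out = ""
    return platform.release(), out.splitlines(), restrict


if __name__ == "__main__":
    print("sample:", audit("4.14.15", SAMPLE_DMESG, "0"))
    print("host:  ", audit(*_read_host_state()))
```

The regex deliberately keys on the ffff prefix of canonical upper-half addresses rather than on any 16-digit hex value, so hashed %p output and ordinary register or offset values in the log are not flagged; the report's exposed_to_local_users field is what an operator would act on, since a restricted dmesg blunts the leak even before the kernel is updated.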

Reservation

01/17/2018

Disclosure

01/26/2018

Moderation

accepted

CPE

ready

EPSS

0.00037

KEV

no

Activities

very low

Sources