CVE-2018-10882 - A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write

CVE-2018-10882

Summary

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 12-02-2023 - 23:31)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:C

redhat via4

advisories

rhsa

id	RHSA-2018:2948

rpms

kernel-0:4.14.0-115.el7a
kernel-abi-whitelists-0:4.14.0-115.el7a
kernel-bootwrapper-0:4.14.0-115.el7a
kernel-debug-0:4.14.0-115.el7a
kernel-debug-debuginfo-0:4.14.0-115.el7a
kernel-debug-devel-0:4.14.0-115.el7a
kernel-debuginfo-0:4.14.0-115.el7a
kernel-debuginfo-common-aarch64-0:4.14.0-115.el7a
kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a
kernel-debuginfo-common-s390x-0:4.14.0-115.el7a
kernel-devel-0:4.14.0-115.el7a
kernel-doc-0:4.14.0-115.el7a
kernel-headers-0:4.14.0-115.el7a
kernel-kdump-0:4.14.0-115.el7a
kernel-kdump-debuginfo-0:4.14.0-115.el7a
kernel-kdump-devel-0:4.14.0-115.el7a
kernel-tools-0:4.14.0-115.el7a
kernel-tools-debuginfo-0:4.14.0-115.el7a
kernel-tools-libs-0:4.14.0-115.el7a
kernel-tools-libs-devel-0:4.14.0-115.el7a
perf-0:4.14.0-115.el7a
perf-debuginfo-0:4.14.0-115.el7a
python-perf-0:4.14.0-115.el7a
python-perf-debuginfo-0:4.14.0-115.el7a

refmap via4

bid	106503
confirm	https://bugzilla.kernel.org/show_bug.cgi?id=200069 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10882 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c37e9e013469521d9adb932d17a1795c139b36db
mlist	[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
ubuntu	USN-3753-1 USN-3753-2 USN-3871-1 USN-3871-3 USN-3871-4 USN-3871-5

Last major update

12-02-2023 - 23:31

Published

27-07-2018 - 18:29

Last modified

12-02-2023 - 23:31