5.5

CVE-2018-18690

Exploit

In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.

Data is provided by the National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.17
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.145
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://usn.ubuntu.com/3849-1/
Third Party Advisory
https://usn.ubuntu.com/3849-2/
Third Party Advisory
https://usn.ubuntu.com/3848-1/
Third Party Advisory
https://usn.ubuntu.com/3848-2/
Third Party Advisory
https://usn.ubuntu.com/3847-1/
Third Party Advisory
https://usn.ubuntu.com/3847-2/
Third Party Advisory
https://usn.ubuntu.com/3847-3/
Third Party Advisory
http://www.securityfocus.com/bid/105753
Third Party Advisory
VDB Entry
https://bugzilla.kernel.org/show_bug.cgi?id=199119
Vendor Advisory
Exploit
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1105025
Third Party Advisory
Issue Tracking