CVE-2018-18690

Impact:
Moderate
Public Date:
2018-03-15
CWE:
CWE-391
Bugzilla:
1643988: CVE-2018-18690 kernel: filesystem corruption due to an unchecked error condition during an xfs attribute change

The MITRE CVE dictionary describes this issue as:

In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.

Find out more about CVE-2018-18690 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 5.5
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt) RHSA-2018:3096 2018-10-30
Red Hat Enterprise Linux 7 (kernel) RHSA-2018:3083 2018-10-30

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 kernel-rt Not affected
Red Hat Enterprise Linux 7 kernel-alt Not affected
Red Hat Enterprise Linux 6 kernel Will not fix
Red Hat Enterprise Linux 5 kernel Not affected
Last Modified

CVE description copyright © 2017, The MITRE Corporation