Out-of-bounds write in Linux kernel - CVE-2018-10882
Published: July 11, 2018 / Updated: May 30, 2020
Vulnerability identifier: #VU13824
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-10882
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to out-of-bounds write error in the fs/jbd2/transaction.csource code in the fourth extended filesystem (ext4). A local attacker can unmount a specially crafted ext4 filesystem image, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2018-10882
The vulnerability has been fixed in the versions 4.4.140, 4.9.112, 4.14.55, 4.17.6.