Main Vulnerability Database Vulnerabilities #VU14177

#VU14177 Use-after-free error in Linux kernel - CVE-2018-14611

Published: August 1, 2018 / Updated: August 2, 2018

Vulnerability identifier: #VU14177

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2018-14611

CWE-ID: CWE-416

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to use-after-free error in the btrfs_check_chunk_valid() function, as defined in the source code file fs/btrfs/volumes.c. A local attacker can mount a specially crafted Btrfs filesystem that submits malicious input, trigger memory corruption in the try_merge_free_space() function and cause the affected software to terminate abnormally or execute arbitrary code with elevated privileges..

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 4.17.11.

External links

https://bugzilla.kernel.org/show_bug.cgi?id=199839

#VU14177 Use-after-free error in Linux kernel - CVE-2018-14611

Description

Remediation

External links

Please verify you're human