Authorization bypass in Linux kernel - CVE-2018-16597
Published: September 21, 2018 / Updated: July 14, 2020
Vulnerability identifier: #VU28412
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-16597
CWE-ID: CWE-863
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Detailed vulnerability description
The vulnerability allows a local authenticated user to manipulate data.
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
How to mitigate CVE-2018-16597
Install the update from the vendor's website.