#VU13824 Out-of-bounds write in Linux kernel - CVE-2018-10882
Published: July 11, 2018 / Updated: May 30, 2020
Vulnerability identifier: #VU13824
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-10882
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to out-of-bounds write error in the fs/jbd2/transaction.csource code in the fourth extended filesystem (ext4). A local attacker can unmount a specially crafted ext4 filesystem image, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
The vulnerability has been fixed in the versions 4.4.140, 4.9.112, 4.14.55, 4.17.6.