Use-After-Free Vulnerability in ext4 Filesystem Code Impacting Linux Kernel
CVE-2018-10876

5MEDIUM

Key Information:

Vendor: [unknown]
Status: Kernel
Vendor: CVE Published:; 26 July 2018

What is CVE-2018-10876?

A vulnerability exists in the Linux kernel's ext4 filesystem code, where improper handling of resources can lead to a use-after-free condition. This issue arises within the ext4_ext_remove_space() function, particularly when a manipulated ext4 image is mounted and operated on. Attackers exploiting this vulnerability could potentially execute arbitrary code or alter system behavior, presenting significant risks to system integrity and confidentiality.

Affected Version(s)

kernel

References

http://patchwork.ozlabs.org/patch/929239/

x_refsource_CONFIRM

https://usn.ubuntu.com/3753-2/

vendor-advisoryx_refsource_UBUNTU

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2018
Vulnerability Reserved
May 9, 2018

CVE-2018-10876 Data

JSON

[unknown]

What is CVE-2018-10876?

Affected Version(s)

References

CVSS V3.1

CVSS V3.0

Timeline