Denial of Service Vulnerability in GlusterFS by Red Hat
CVE-2018-10914

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Glusterfs
Vendor: CVE Published:; 4 September 2018

🔔 Create Red Hat Vulnerability Alert

What is CVE-2018-10914?

An attacker can exploit a flaw in GlusterFS through a malicious xattr request issued via FUSE, leading to the crash of the Gluster brick process. If multiplexing is enabled, this exploit can extend the impact, causing multiple bricks and volumes to go down simultaneously, resulting in significant service outages for users.

Affected Version(s)

glusterfs

References

https://access.redhat.com/errata/RHSA-2018:2607

vendor-advisoryx_refsource_REDHAT

https://lists.debian.org/debian-lts-announce/2018/09/msg0...

mailing-listx_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10914

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2018
Vulnerability Reserved
May 9, 2018

.