Stack-based Out-of-Bounds Write in Linux Kernel 4.15.0 Affects NTFS Filesystem Driver
CVE-2018-12931

7.8HIGH

Key Information:

Vendor

Linux
Status
Linux Kernel
Ubuntu Linux
Vendor
CVE Published:
28 June 2018

What is CVE-2018-12931?

The ntfs_attr_find function in the ntfs.ko filesystem driver within Linux kernel 4.15.0 is susceptible to a stack-based out-of-bounds write vulnerability. Attackers can exploit this flaw by crafting malicious NTFS filesystems, potentially leading to a denial of service through kernel oops or panic. The impacts may extend beyond mere service disruptions, affecting system stability and security.

References

https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2
x_refsource_MISC
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403
x_refsource_MISC
http://www.securityfocus.com/bid/104588
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.