CVE-2018-10882 — MEDIUM (4.8)

Vulnerability Description

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.

CVSS Score

4.8

MEDIUM

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	-
Canonical	Ubuntu Linux	14.04
Debian	Debian Linux	8.0
Redhat	Enterprise Linux	7.0

Related Weaknesses (CWE)

CWE-787

References

http://www.securityfocus.com/bid/106503Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:2948Third Party Advisory
https://bugzilla.kernel.org/show_bug.cgi?id=200069ExploitIssue TrackingPatch
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10882Issue TrackingPatchThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c3PatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.htmlThird Party Advisory
https://usn.ubuntu.com/3753-1/Third Party Advisory
https://usn.ubuntu.com/3753-2/Third Party Advisory
https://usn.ubuntu.com/3871-1/Third Party Advisory
https://usn.ubuntu.com/3871-3/Third Party Advisory
https://usn.ubuntu.com/3871-4/Third Party Advisory
https://usn.ubuntu.com/3871-5/Third Party Advisory
http://www.securityfocus.com/bid/106503Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:2948Third Party Advisory
https://bugzilla.kernel.org/show_bug.cgi?id=200069ExploitIssue TrackingPatch

FAQ

What is CVE-2018-10882?

CVE-2018-10882 is a vulnerability with a CVSS score of 4.8 (MEDIUM). A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted e...

How severe is CVE-2018-10882?

CVE-2018-10882 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-10882?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Enterprise Linux.