CVE-2018-16597 — MEDIUM (5.5)

Q: What is CVE-2018-16597?

CVE-2018-16597 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.

Q: How severe is CVE-2018-16597?

CVE-2018-16597 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-16597?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Active Iq Performance Analytics Services, Netapp Element Software, Opensuse Leap.

Vulnerability Description

An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 4.8
Netapp	Active Iq Performance Analytics Services	-
Netapp	Element Software	-
Opensuse	Leap	42.3

Related Weaknesses (CWE)

CWE-863

References

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.htmlMailing ListThird Party Advisory
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackwar
http://www.securityfocus.com/bid/105394Third Party AdvisoryVDB Entry
https://bugzilla.suse.com/show_bug.cgi?id=1106512Issue TrackingPatchThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0PatchThird Party Advisory
https://seclists.org/bugtraq/2019/Jul/33
https://security.netapp.com/advisory/ntap-20190204-0001/PatchThird Party Advisory
https://support.f5.com/csp/article/K22691834Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.htmlMailing ListThird Party Advisory
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackwar
http://www.securityfocus.com/bid/105394Third Party AdvisoryVDB Entry
https://bugzilla.suse.com/show_bug.cgi?id=1106512Issue TrackingPatchThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0PatchThird Party Advisory
https://seclists.org/bugtraq/2019/Jul/33
https://security.netapp.com/advisory/ntap-20190204-0001/PatchThird Party Advisory

FAQ

What is CVE-2018-16597?

CVE-2018-16597 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.

How severe is CVE-2018-16597?

CVE-2018-16597 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-16597?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Active Iq Performance Analytics Services, Netapp Element Software, Opensuse Leap.