CVE-2018-17336 — HIGH (7.8)

Vulnerability Description

UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Freedesktop	Udisks	2.8.0
Canonical	Ubuntu Linux	18.04

Related Weaknesses (CWE)

CWE-134

References

https://access.redhat.com/errata/RHSA-2019:2178
https://github.com/storaged-project/udisks/issues/578ExploitPatchThird Party Advisory
https://usn.ubuntu.com/3772-1/Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2178
https://github.com/storaged-project/udisks/issues/578ExploitPatchThird Party Advisory
https://usn.ubuntu.com/3772-1/Third Party Advisory

FAQ

What is CVE-2018-17336?

CVE-2018-17336 is a vulnerability with a CVSS score of 7.8 (HIGH). UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or ...

How severe is CVE-2018-17336?

CVE-2018-17336 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-17336?

Check the references section above for vendor advisories and patch information. Affected products include: Freedesktop Udisks, Canonical Ubuntu Linux.