CVE-2018-10840: Heap-based Buffer Overflow in Linux

Severity

NVD: 6.6 MEDIUM
OSV: 5.5
EPSS: 0.1% (top 71.95%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline

Published: Jul 16
Latest update: May 13

Description

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.7 | Impact: 5.9

Affected Packages (5 packages)

Debian: linux/linux_kernel < 4.17.3-1+3
Ubuntu: linux/linux_kernel < 4.15.0-33.36
debian: debian/linux < linux 4.17.3-1 (bookworm)

Also affects: Ubuntu Linux 14.04, 18.04, Enterprise Linux 7.0

Patches

🔴 Vulnerability Details (6)

GHSA (2022-05-13): GHSA-mq9x-53x3-39h5: Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr
OSV (2018-08-28): linux-azure, linux-oem, linux-gcp vulnerabilities
OSV (2018-08-24): linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities
OSV (2018-08-24): linux-hwe vulnerabilities
OSV (2018-07-16): CVE-2018-10840: Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr

📋 Vendor Advisories (6)

Android (2018-12-01): CVE-2018-10840: ext4 filesystem
Ubuntu (2018-08-28): Linux kernel (Azure, GCP, OEM) vulnerabilities
Ubuntu (2018-08-24): Linux kernel vulnerabilities
Ubuntu (2018-08-24): Linux kernel (HWE) vulnerabilities
Red Hat (2018-04-11): kernel: Heap-based buffer overflow in fs/ext4/xattr.c:ext4_xattr_set_entry() with crafted ext4 image

💬 Community (2)

Bugzilla (2018-05-25): CVE-2018-10840 kernel: Heap-based buffer overflow in fs/ext4/xattr.c:ext4_xattr_set_entry() with crafted ext4 image
Bugzilla (2018-05-25): CVE-2018-10840 kernel: Heap-based buffer overflow in fs/ext4/xattr.c:ext4_xattr_set_entry() with crafted ext4 image [fedora-all]