CVE-2018-10877Out-of-bounds Read in Linux

CWE-125Out-of-bounds Read25 documents9 sources
Severity
6.5MEDIUMNVD
OSV7.8OSV5.5OSV4.3
EPSS
0.2%
top 52.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelDebian LinuxCanonical Ubuntu Linux+3 more
Timeline
PublishedJul 18
Latest updateMay 14

Description

Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.6 | Impact: 5.9

Affected Packages5 packages

Debianlinux/linux_kernel< 4.17.3-1+3
Ubuntulinux/linux_kernel< 3.13.0-157.207+3
NVDlinux/linux_kernel4.16, 4.17+1
debiandebian/linux< linux 4.17.3-1 (bookworm)

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, Enterprise Linux 7.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

11
GHSA
GHSA-4hq8-f3mj-m9wc: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem2022-05-14
OSV
linux-azure vulnerabilities2019-02-07
OSV
linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities2019-02-04
OSV
linux-hwe, linux-aws-hwe, linux-gcp vulnerabilities2019-02-04
OSV
linux regression2019-01-31

📋Vendor Advisories

11
Ubuntu
Linux kernel (Azure) vulnerabilities2019-02-07
Ubuntu
Linux kernel (AWS, GCP, KVM, OEM, Raspberry Pi 2) vulnerabilities2019-02-04
Ubuntu
Linux kernel (HWE) vulnerabilities2019-02-04
Ubuntu
Linux kernel regression2019-01-31
Ubuntu
Linux kernel vulnerabilities2019-01-29

💬Community

2
Bugzilla
CVE-2018-10877 kernel: out-of-bound access in ext4_ext_drop_refs function with a crafted ext4 image [fedora-all]2018-06-29
Bugzilla
CVE-2018-10877 kernel: out-of-bound access in ext4_ext_drop_refs function with a crafted ext4 image2018-06-29