CVE-2018-10883Out-of-bounds Write in Kernel

CWE-787Out-of-bounds Write24 documents9 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 84.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Linux KernelDebian LinuxCanonical Ubuntu Linux+6 more
Timeline
PublishedJul 30
Latest updateMay 13

Description

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

NVDlinux/linux_kernel< 4.9.110
Debianlinux/linux_kernel< 4.17.3-1+3
Ubuntulinux/linux_kernel< 4.4.0-142.168+2
debiandebian/linux< linux 4.17.3-1 (bookworm)

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, Enterprise Linux 7.0

Patches

Patch: bugzilla.redhat.comPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

11
GHSA
GHSA-jrh4-2f65-vc34: A flaw was found in the Linux kernel's ext4 filesystem2022-05-13
OSV
linux-azure vulnerabilities2019-02-07
OSV
linux-lts-xenial, linux-aws vulnerabilities2019-02-04
OSV
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities2019-02-04
OSV
linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities2019-02-04

📋Vendor Advisories

10
Android
CVE-2018-10883: ext4 filesystem2019-03-01
Ubuntu
Linux kernel (Azure) vulnerabilities2019-02-07
Ubuntu
Linux kernel (AWS, GCP, KVM, OEM, Raspberry Pi 2) vulnerabilities2019-02-04
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2019-02-04
Ubuntu
Linux kernel vulnerabilities2019-02-04

💬Community

2
Bugzilla
CVE-2018-10883 kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function [fedora-all]2018-06-29
Bugzilla
CVE-2018-10883 kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function2018-06-29
CVE-2018-10883 — Out-of-bounds Write in Linux Kernel | cvebase