CVE-2018-1166Use After Free in Smartos

CWE-416Use After FreeCWE-20Improper Input Validation3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 80.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Joyent SmartosJoyent Smartos
Timeline
PublishedFeb 21
Latest updateMay 13

Description

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMBIOC_TREE_RELE ioctl. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerabili

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDjoyent/smartos20170803
CVEListV5joyent/joyent_smartosrelease-20170803-20170803T064301Z

🔴Vulnerability Details

2
GHSA
GHSA-x8h6-px62-hfm6: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z2022-05-13
CVEList
CVE-2018-1166: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z2018-02-21
CVE-2018-1166 — Use After Free in Joyent Smartos | cvebase