CVE-2018-12930

Опубликовано: 12 апр. 2018

Источник: redhat

CVSS3: 4.6

EPSS Низкий

Описание

ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.

A flaw was found in ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel. This allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service or possibly have unspecified other impact via a crafted ntfs filesystem. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2019:0641	26.03.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=1597837kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko

EPSS

Процентиль: 30%

0.00113

Низкий

4.6 Medium

CVSS3

Связанные уязвимости

CVE-2018-12930

CVSS3: 7.8

ubuntu

больше 7 лет назад

CVE-2018-12930

CVSS3: 7.8

nvd

больше 7 лет назад

CVE-2018-12930

CVSS3: 7.8

debian

больше 7 лет назад

ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Lin ...

GHSA-78v4-95qf-9cqq

CVSS3: 7.8

github

больше 3 лет назад

EPSS

Процентиль: 30%

0.00113

Низкий

4.6 Medium

CVSS3