Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-20976

Опубликовано: 15 мая 2018
Источник: redhat
CVSS3: 7.8
EPSS Низкий

Описание

An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.

A flaw was found in the Linux kernel's implementation of the XFS filesystem. A key data structure (sb->s_fs_info) may not be de-allocated when the system is under memory pressure. This same data structure is then used at a later time during filesystem operations. This could allow a local attacker who is able to groom memory to place an attacker-controlled data structure in this location and create a use-after-free situation which can result in memory corruption or privilege escalation.

Отчет

Red Hat Enterprise Linux 7.6.z had fixed this flaw mid release without it being recognised as a CVE. Prior releases of Red Hat Enterprise Linux EUS/AUS will still require the fix to be secure. Trackers have been made and fixes will be available as part of the standard release cycle.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 7.2 Advanced Update SupportkernelFixedRHSA-2020:066103.03.2020
Red Hat Enterprise Linux 7.3 Advanced Update SupportkernelFixedRHSA-2020:017821.01.2020
Red Hat Enterprise Linux 7.3 Telco Extended Update SupportkernelFixedRHSA-2020:017821.01.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1743547kernel: use-after-free in fs/xfs/xfs_super.c

EPSS

Процентиль: 27%
0.00097
Низкий

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-20976

CVSS3: 7.8
ubuntu
больше 6 лет назад

An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.

nvd логотип

CVE-2018-20976

CVSS3: 7.8
nvd
больше 6 лет назад

An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.

debian логотип

CVE-2018-20976

CVSS3: 7.8
debian
больше 6 лет назад

An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel befo ...

github логотип

GHSA-2px5-xhf9-x464

CVSS3: 7.8
github
больше 3 лет назад

An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.

fstec логотип

BDU:2020-02916

CVSS3: 7.8
fstec
больше 7 лет назад

Уязвимость компонента fs/xfs/xfs_super.c ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность

EPSS

Процентиль: 27%
0.00097
Низкий

7.8 High

CVSS3