CVE-2018-10840
EUVD-2018-290916.07.2018, 20:29
Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | - |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 18.04 |
| redhat | enterprise_linux | 7.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| linux |
| ||||||||||
| linux-aws |
| ||||||||||
| linux-azure |
| ||||||||||
| linux-azure-edge |
| ||||||||||
| linux-euclid |
| ||||||||||
| linux-flo |
| ||||||||||
| linux-gcp |
| ||||||||||
| linux-gke |
| ||||||||||
| linux-goldfish |
| ||||||||||
| linux-grouper |
| ||||||||||
| linux-hwe |
| ||||||||||
| linux-hwe-edge |
| ||||||||||
| linux-kvm |
| ||||||||||
| linux-lts-trusty |
| ||||||||||
| linux-lts-utopic |
| ||||||||||
| linux-lts-vivid |
| ||||||||||
| linux-lts-wily |
| ||||||||||
| linux-lts-xenial |
| ||||||||||
| linux-maguro |
| ||||||||||
| linux-mako |
| ||||||||||
| linux-manta |
| ||||||||||
| linux-oem |
| ||||||||||
| linux-raspi2 |
| ||||||||||
| linux-snapdragon |
|
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
References