CVE-2018-10689

Description

blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.

References

https://www.spinics.net/lists/linux-btrace/msg00847.html

https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7

http://git.kernel.dk/?p=blktrace.git;a=log;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7

http://www.securityfocus.com/bid/104142

https://access.redhat.com/errata/RHSA-2019:2162

Details

Source: MITRE

Published: 2018-05-03

Updated: 2021-07-08

Type: CWE-119

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 153346 | EulerOS 2.0 SP2 : blktrace (EulerOS-SA-2021-2356) | Nessus | Huawei Local Security Checks | medium |
| 149102 | EulerOS 2.0 SP3 : blktrace (EulerOS-SA-2021-1768) | Nessus | Huawei Local Security Checks | medium |
| 143762 | SUSE SLES12 Security Update : blktrace (SUSE-SU-2020:2942-1) | Nessus | SuSE Local Security Checks | medium |
| 141712 | EulerOS Virtualization 3.0.2.2 : blktrace (EulerOS-SA-2020-2217) | Nessus | Huawei Local Security Checks | medium |
| 140941 | EulerOS Virtualization for ARM 64 3.0.6.0 : blktrace (EulerOS-SA-2020-1993) | Nessus | Huawei Local Security Checks | medium |
| 137953 | EulerOS Virtualization 3.0.6.0 : blktrace (EulerOS-SA-2020-1734) | Nessus | Huawei Local Security Checks | medium |
| 136253 | EulerOS Virtualization for ARM 64 3.0.2.0 : blktrace (EulerOS-SA-2020-1550) | Nessus | Huawei Local Security Checks | medium |
| 133896 | EulerOS 2.0 SP5 : blktrace (EulerOS-SA-2020-1095) | Nessus | Huawei Local Security Checks | medium |
| 132491 | NewStart CGSL CORE 5.05 / MAIN 5.05 : blktrace Vulnerability (NS-SA-2019-0245) | Nessus | NewStart CGSL Local Security Checks | medium |
| 131493 | EulerOS Virtualization for ARM 64 3.0.3.0 : blktrace (EulerOS-SA-2019-2328) | Nessus | Huawei Local Security Checks | medium |
| 131239 | Amazon Linux AMI : blktrace (ALAS-2019-1319) | Nessus | Amazon Linux Local Security Checks | medium |
| 130217 | Amazon Linux 2 : blktrace (ALAS-2019-1320) | Nessus | Amazon Linux Local Security Checks | medium |
| 129936 | NewStart CGSL CORE 5.04 / MAIN 5.04 : blktrace Vulnerability (NS-SA-2019-0198) | Nessus | NewStart CGSL Local Security Checks | medium |
| 128368 | CentOS 7 : blktrace (CESA-2019:2162) | Nessus | CentOS Local Security Checks | medium |
| 128210 | Scientific Linux Security Update : blktrace on SL7.x x86_64 (20190806) | Nessus | Scientific Linux Local Security Checks | medium |
| 127688 | RHEL 7 : blktrace (RHSA-2019:2162) | Nessus | Red Hat Local Security Checks | medium |
| 124145 | openSUSE Security Update : blktrace (openSUSE-2019-1224) | Nessus | SuSE Local Security Checks | medium |
| 123969 | SUSE SLED15 / SLES15 Security Update : blktrace (SUSE-SU-2019:0919-1) | Nessus | SuSE Local Security Checks | medium |
| 121971 | Photon OS 2.0: Blktrace PHSA-2018-2.0-0076 | Nessus | PhotonOS Local Security Checks | medium |
| 121861 | Photon OS 1.0: Blktrace PHSA-2018-1.0-0167 | Nessus | PhotonOS Local Security Checks | critical |
| 120779 | Fedora 28 : blktrace (2018-c75a37ae9b) | Nessus | Fedora Local Security Checks | medium |
| 111960 | Photon OS 2.0: Blktrace / Systemd / Vim PHSA-2018-2.0-0076 (deprecated) | Nessus | PhotonOS Local Security Checks | medium |
| 111946 | Photon OS 1.0: Blktrace / Libmspack / Ntp / Openjdk / Perl / Systemd / Vim PHSA-2018-1.0-0167 (deprecated) | Nessus | PhotonOS Local Security Checks | critical |