CVE-2018-10877

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.

References

http://www.securityfocus.com/bid/104878

http://www.securityfocus.com/bid/106503

https://access.redhat.com/errata/RHSA-2018:2948

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877

https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html

https://usn.ubuntu.com/3753-1/

https://usn.ubuntu.com/3753-2/

https://usn.ubuntu.com/3754-1/

https://usn.ubuntu.com/3871-1/

https://usn.ubuntu.com/3871-3/

https://usn.ubuntu.com/3871-4/

https://usn.ubuntu.com/3871-5/

Details

Source: MITRE

Published: 2018-07-18

Updated: 2019-04-01

Type: CWE-125

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 0.6

Severity: MEDIUM

Tenable Plugins

View all (27 total)

IDNameProductFamilySeverity
149098EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1808)NessusHuawei Local Security Checks
high
141697EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-2222)NessusHuawei Local Security Checks
high
125513EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1586)NessusHuawei Local Security Checks
high
124431EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1304)NessusHuawei Local Security Checks
high
123962Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4601)NessusOracle Linux Local Security Checks
medium
123961Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4600)NessusOracle Linux Local Security Checks
medium
123269openSUSE Security Update : the Linux Kernel (openSUSE-2019-618) (Foreshadow)NessusSuSE Local Security Checks
medium
122837OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0009)NessusOracleVM Local Security Checks
high
122803Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4575)NessusOracle Linux Local Security Checks
high
122052Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : linux-azure vulnerabilities (USN-3871-5)NessusUbuntu Local Security Checks
high
121594Ubuntu 16.04 LTS : linux-hwe, linux-aws-hwe, linux-gcp vulnerabilities (USN-3871-4)NessusUbuntu Local Security Checks
high
121593Ubuntu 18.04 LTS : linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities (USN-3871-3)NessusUbuntu Local Security Checks
high
121592Ubuntu 18.04 LTS : Linux kernel regression (USN-3871-2)NessusUbuntu Local Security Checks
high
121469Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3871-1)NessusUbuntu Local Security Checks
high
120082SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2380-1) (Foreshadow)NessusSuSE Local Security Checks
medium
118513RHEL 7 : kernel-alt (RHSA-2018:2948) (Spectre)NessusRed Hat Local Security Checks
high
118034SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3084-1)NessusSuSE Local Security Checks
high
118033SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3083-1)NessusSuSE Local Security Checks
high
117824SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2908-1)NessusSuSE Local Security Checks
high
117800SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2858-1)NessusSuSE Local Security Checks
high
117629SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2776-1)NessusSuSE Local Security Checks
high
112113Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3754-1)NessusUbuntu Local Security Checks
critical
112112Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3753-2)NessusUbuntu Local Security Checks
high
112111Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3753-1)NessusUbuntu Local Security Checks
high
111997openSUSE Security Update : the Linux Kernel (openSUSE-2018-885) (Foreshadow)NessusSuSE Local Security Checks
high
111812openSUSE Security Update : the Linux Kernel (openSUSE-2018-886) (Foreshadow)NessusSuSE Local Security Checks
high
111165Debian DLA-1423-1 : linux-4.9 new package (Spectre)NessusDebian Local Security Checks
high