CVE-2018-20976

An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://access.redhat.com/errata/RHSA-2020:0178
https://access.redhat.com/errata/RHSA-2020:0543
https://access.redhat.com/errata/RHSA-2020:0592
https://access.redhat.com/errata/RHSA-2020:0609
https://access.redhat.com/errata/RHSA-2020:0661
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82	Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
https://seclists.org/bugtraq/2019/Nov/11
https://security.netapp.com/advisory/ntap-20190905-0002/
https://support.f5.com/csp/article/K10269585?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4144-1/
https://usn.ubuntu.com/4145-1/
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://access.redhat.com/errata/RHSA-2020:0178
https://access.redhat.com/errata/RHSA-2020:0543
https://access.redhat.com/errata/RHSA-2020:0592
https://access.redhat.com/errata/RHSA-2020:0609
https://access.redhat.com/errata/RHSA-2020:0661
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c9fbd7bbc23dbdd73364be4d045e5d3612cf6e82	Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
https://seclists.org/bugtraq/2019/Nov/11
https://security.netapp.com/advisory/ntap-20190905-0002/
https://support.f5.com/csp/article/K10269585?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4144-1/
https://usn.ubuntu.com/4145-1/

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:02

07 Nov 2023, 02:56

Type	Values Removed	Values Added
References	{'url': 'https://support.f5.com/csp/article/K10269585?utm_source=f5support&utm_medium=RSS', 'name': 'https://support.f5.com/csp/article/K10269585?utm_source=f5support&utm_medium=RSS', 'tags': [], 'refsource': 'CONFIRM'}	() https://support.f5.com/csp/article/K10269585?utm_source=f5support&amp%3Butm_medium=RSS -

Information

Published : 2019-08-19 02:15

Updated : 2024-11-21 04:02

NVD link : CVE-2018-20976

Mitre link : CVE-2018-20976

CVE.ORG link : CVE-2018-20976

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10