CVE Vulnerability

CVE-2018-16597

An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.

4.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact NONE

Scope

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://bugzilla.suse.com/show_bug.cgi?id=1106512 Issue Tracking Patch
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862 Patch Third Party Advisory
http://www.securityfocus.com/bid/105394 Third Party Advisory VDB Entry
https://security.netapp.com/advisory/ntap-20190204-0001/ Patch Third Party Advisory
https://support.f5.com/csp/article/K22691834 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Jul/33
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
Configurations

Configuration 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
Information

Published : 2018-09-21 04:29

Updated : 2019-10-03 12:03

NVD link : CVE-2018-16597

Mitre link : CVE-2018-16597

Products Affected
No products.
CWE
CWE-863