CVSS3: 5.5 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS2: 4.9 Medium

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | COMPLETE |
Availability Impact | NONE |

AV:L/AC:L/Au:N/C:N/I:C/A:N

EPSS: 0.0004 Low (Percentile: 5.3%)

An issue was discovered in the Linux kernel before 4.8. Incorrect access
checking in overlayfs mounts could be used by local attackers to modify or
truncate files in the underlying filesystem.
Author | Note |
---|---|
sbeattie | according to https://bugzilla.suse.com/show_bug.cgi?id=1106512#c26 eea2fb4851e9dcbab6b991aaf47e2e024f1f55a0 is not relevant to this issue. |
tyhicks | Ubuntu carries an out-of-tree patch, in some Ubuntu releases, that fixes this flaw: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/xenial/commit/?id=98a3740920f8f3362c1ac50598af2dc632f5051a |
bugzilla.suse.com/show_bug.cgi?id=1106512
git.kernel.org/linus/c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eea2fb4851e9dcbab6b991aaf47e2e024f1f55a0
launchpad.net/bugs/cve/CVE-2018-16597
nvd.nist.gov/vuln/detail/CVE-2018-16597
security-tracker.debian.org/tracker/CVE-2018-16597
www.cve.org/CVERecord?id=CVE-2018-16597