Authorization Bypass

2020-04-1000:46:30

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

JSON

kernel is vulnerable to authorization bypass. The vulnerability exists as a missing check was found in the mext_check_arguments() function in the ext4 file system code. A local user could use this flaw to cause the MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4 file system, if they have write permissions for that file.

CPENameOperatorVersion
kerneleq2.6.18__92.1.6.el5
kerneleq2.6.18__92.1.26.el5
kerneleq2.6.18__92.1.18.el5
kerneleq2.6.18__92.1.13.el5
kerneleq2.6.18__128.1.10.el5
kerneleq2.6.18__194.el5
kerneleq2.6.18__164.el5
kerneleq2.6.18__92.el5
kerneleq2.6.18__8.1.6.el5
kerneleq2.6.18__128.1.1.el5

Name	Operator	Version
kernel	eq	2.6.18__92.1.6.el5
kernel	eq	2.6.18__92.1.26.el5
kernel	eq	2.6.18__92.1.18.el5
kernel	eq	2.6.18__92.1.13.el5
kernel	eq	2.6.18__128.1.10.el5
kernel	eq	2.6.18__194.el5
kernel	eq	2.6.18__164.el5
kernel	eq	2.6.18__92.el5
kernel	eq	2.6.18__8.1.6.el5
kernel	eq	2.6.18__128.1.1.el5