CVE-2018-10879 - Use After Free

Severity

61%

Complexity

39%

Confidentiality

141%

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.

CVSS 3.0 Base Score 7.8. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 6.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:C).

Demo Examples

Use After Free

CWE-416

The following example demonstrates the weakness.


               
}
free(buf3R2);

Use After Free

CWE-416

The following code illustrates a use after free error:


               
}
free(ptr);
logError("operation aborted before commit", ptr);

When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function.

Overview

Type

Linux

First reported 6 years ago

2018-07-26 18:29:00

Last updated 5 years ago

2019-10-09 23:33:00

Affected Software

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)

16.04

Canonical Ubuntu Linux 18.04 LTS Edition

18.04

Linux Kernel

Debian Linux 8.0 (Jessie)

8.0

Red Hat Enterprise Linux (RHEL) 7.0 (7)

7.0

RedHat Enterprise Linux Desktop 7.0

7.0

RedHat Enterprise Linux Server 7.0

7.0

RedHat Enterprise Linux Workstation 7.0

7.0

References

http://patchwork.ozlabs.org/patch/928666/

Patch, Third Party Advisory

http://patchwork.ozlabs.org/patch/928667/

Patch, Third Party Advisory

104902

Third Party Advisory, VDB Entry

RHSA-2018:2948

Third Party Advisory

RHSA-2018:3083

Third Party Advisory

RHSA-2018:3096

Third Party Advisory

https://bugzilla.kernel.org/show_bug.cgi?id=200001

Exploit, Issue Tracking, Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879

Issue Tracking, Patch, Third Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a

Patch, Vendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d

Patch, Vendor Advisory

[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package

Mailing List, Third Party Advisory

USN-3753-1

Third Party Advisory

USN-3753-2

Third Party Advisory

USN-3871-1

Third Party Advisory

USN-3871-3

Third Party Advisory

USN-3871-4

Third Party Advisory

USN-3871-5

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.