CVE-2017-18224

{"id": "CVE-2017-18224", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2018-03-12T03:29:00.260", "references": [{"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e4c56d41eef5595035872a2ec5a483f42e8917f", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/103353", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/torvalds/linux/commit/3e4c56d41eef5595035872a2ec5a483f42e8917f", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2018/dsa-4188", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field."}, {"lang": "es", "value": "En el kernel de Linux, en versiones anteriores a la 4.15, fs/ocfs2/aops.c omite el uso de un sem\u00e1foro y, por consiguiente, tiene una condici\u00f3n de carrera al acceder al \u00e1rbol extent durante las operaciones de lectura en modo DIRECT. Esto permite que usuarios locales provoquen una denegaci\u00f3n de servicio (bug) modificando cierto campo e_cpos."}], "lastModified": "2018-05-03T01:29:37.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4344060-7D43-4A74-A2EF-DE9A6F8457A6", "versionEndExcluding": "4.15"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}