A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.
References
Link | Resource |
---|---|
http://patchwork.ozlabs.org/patch/929239/ | Patch |
http://www.securityfocus.com/bid/104904 | |
http://www.securityfocus.com/bid/106503 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2019:0525 | Third Party Advisory |
https://bugzilla.kernel.org/show_bug.cgi?id=199403 | Exploit Issue Tracking |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10876 | Issue Tracking Patch |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8844618d8aa7a9973e7b527d038a2a589665002c | Patch |
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html | Third Party Advisory |
https://usn.ubuntu.com/3753-1/ | Third Party Advisory |
https://usn.ubuntu.com/3753-2/ | Third Party Advisory |
https://usn.ubuntu.com/3871-1/ | Third Party Advisory |
https://usn.ubuntu.com/3871-3/ | Third Party Advisory |
https://usn.ubuntu.com/3871-4/ | Third Party Advisory |
https://usn.ubuntu.com/3871-5/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2018-07-26 18:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-10876
Mitre link : CVE-2018-10876
CVE.ORG link : CVE-2018-10876
JSON object : View
Products Affected
linux
- linux_kernel
canonical
- ubuntu_linux
debian
- debian_linux
CWE
CWE-416
Use After Free