CVE-2018-10883

MEDIUM

Linux Kernel < 4.9.110 - Out-of-bounds Write in ext4 Filesystem

Title source: llm
STIX 2.1

Description

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

References (14)

Core 14
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3083
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3879-2/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3879-1/
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3871-5/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3871-4/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2948
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3871-1/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3096
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3871-3/

Scores

CVSS v3 4.8
EPSS 0.0005
EPSS Percentile 15.6%
Attack Vector PHYSICAL
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Details

CWE
CWE-787
Status published
Products (9)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
debian/debian_linux 8.0
linux/linux_kernel < 4.9.110
redhat/enterprise_linux 7.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_server 7.0
redhat/enterprise_linux_workstation 7.0
Published Jul 30, 2018
Tracked Since Feb 18, 2026