CVE-2018-16597
MEDIUM
Linux Kernel < 4.8 - Incorrect Authorization in OverlayFS Mounts
Title source: llm
Description
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
References (8)
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105394
Patch, Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190204-0001/
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1106512
Patch, Third Party Advisory x_refsource_confirm
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862
Third Party Advisory x_refsource_confirm
https://support.f5.com/csp/article/K22691834
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Jul/33
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
Scores
CVSS v3: 5.5
EPSS: 0.0009
EPSS Percentile: 25.0%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE: CWE-863
Status: published
Products (4)
linux/linux_kernel < 4.8
netapp/active_iq_performance_analytics_services
netapp/element_software
opensuse/leap 42.3
Published: Sep 21, 2018
Tracked Since: Feb 18, 2026