CVE-2018-20976

HIGH

Linux Kernel < 4.18 - Use-After-Free in xfs_fs_fill_super

Title source: llm
STIX 2.1

Description

An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.

References (17)

Core 17
Core References
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20190905-0002/
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4144-1/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4145-1/
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Nov/11
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0178
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0543
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0592
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0609
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2020:0661

Scores

CVSS v3 7.8
EPSS 0.0061
EPSS Percentile 44.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (1)
linux/linux_kernel < 4.18
Published Aug 19, 2019
Tracked Since Feb 18, 2026