Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-16597

An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.

Published

2018-09-21T16:29:01.343

Last Modified

2024-11-21T03:53:01.613

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:C/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

6.9

Weaknesses

Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 4.8	Yes
Application	netapp	active_iq_performance_analytics_services	-	Yes
Application	netapp	element_software	-	Yes
Operating System	opensuse	leap	42.3	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html Mailing List, Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html ([email protected])
http://www.securityfocus.com/bid/105394 Third Party Advisory, VDB Entry ([email protected])
https://bugzilla.suse.com/show_bug.cgi?id=1106512 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862 Patch, Third Party Advisory ([email protected])
https://seclists.org/bugtraq/2019/Jul/33 ([email protected])
https://security.netapp.com/advisory/ntap-20190204-0001/ Patch, Third Party Advisory ([email protected])
https://support.f5.com/csp/article/K22691834 Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/105394 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.suse.com/show_bug.cgi?id=1106512 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/bugtraq/2019/Jul/33 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20190204-0001/ Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/csp/article/K22691834 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)