CVE-2018-10840 MEDIUM

CVE-2018-10840

Vendor Kernel
Product heap-based buffer overflow in fs/ext4/xattr.c
Weakness CWE-122
Published July 16, 2018
Last update August 5, 2024

CVSS base score

5.2/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.

Key dates

02Disclosure timeline

July 16, 2018 CVE published
August 5, 2024 Record updated