CVE-2018-12930
kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.
ntfs_end_buffer_async_read en el controlador en el sistema de archivos ntfs.ko en el kernel de Linux 4.15.0 permite que los atacantes desencadenen una escritura fuera de límites basada en la pila de memoria y provoquen una denegación de servicio (OOPS o pánico del kernel) o, posiblemente, provoquen otro impacto no especificado mediante un sistema de archivos ntfs manipulado.
A flaw was found in ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel. This allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service or possibly have unspecified other impact via a crafted ntfs filesystem. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-06-28 CVE Reserved
- 2018-06-28 CVE Published
- 2023-06-22 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/104588 | Third Party Advisory | |
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403 | Issue Tracking | |
https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2 | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2019:0641 | 2019-03-26 | |
https://access.redhat.com/security/cve/CVE-2018-12930 | 2019-03-26 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1597837 | 2019-03-26 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.15 Search vendor "Linux" for product "Linux Kernel" and version "4.15" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04.4 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04.4" | lts |
Affected
|