PT-2018-12684 · Btrfsmaintenance · Btrfsmaintenance

Karol Babioch

Publicado

2018-08-15

Atualizado

2024-06-15

CVE-2018-14722

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions btrfsmaintenance versions through 0.4.1

Description An issue in the evaluate auto mountpoint function in btrfsmaintenance-functions allows code execution as root via a specially crafted filesystem label. This can occur when btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance, which is not the default configuration.

Recommendations For versions through 0.4.1, consider disabling the auto setting for btrfs-{scrub,balance,trim} in /etc/sysconfig/btrfsmaintenance to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-14722

OPENSUSE-SU-2024:10662-1

Produtos afetados

Btrfsmaintenance

PT-2018-12684 · Btrfsmaintenance · Btrfsmaintenance

CVE-2018-14722

Identificadores relacionados

Produtos afetados

Referências · 14