PT-2018-11490 · Linux+1 · Linux Kernel+1
Cornelius Aschermann
+1
·
Published
2018-06-28
·
Updated
2026-05-26
·
CVE-2018-12931
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel version 4.15.0
Description
The issue is related to the ntfs attr find function in the ntfs.ko filesystem driver, which allows attackers to trigger a stack-based out-of-bounds write. This can cause a denial of service, resulting in a kernel oops or panic, and may have other unspecified impacts. The attack is possible via a crafted ntfs filesystem.
Recommendations
For Linux kernel version 4.15.0, consider upgrading to a newer version that includes a fix for this issue. As a temporary workaround, restrict access to ntfs filesystems to minimize the risk of exploitation.
Fix
DoS
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel