PT-2018-3499 · Linux+3 · Linux Kernel+3

Published

2018-05-15

Updated

2020-03-02

CVE-2018-20976

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.18

Description: The issue is related to a use after free in the fs/xfs/xfs super.c component of the Linux kernel. This could allow an attacker to gain unauthorized access to information and compromise its integrity and availability. The problem is associated with the failure of xfs fs fill super.

Recommendations: For Linux kernel versions prior to 4.18, update to version 4.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the xfs fs fill super function until a patch is available.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2018-2192

ALT-PU-2018-2210

ALT-PU-2019-1433

BDU:2020-02916

CVE-2018-20976

DLA-1930-1

DLA-2114-1

OPENSUSE-SU-2019:2173-1

OPENSUSE-SU-2019:2181-1

OPENSUSE-SU-2019_2173-1

OPENSUSE-SU-2019_2181-1

RHSA-2020:0178

RHSA-2020:0543

RHSA-2020:0592

RHSA-2020:0609

RHSA-2020:0661

SUSE-SU-2019:14218-1

SUSE-SU-2019:2412-1

SUSE-SU-2019:2414-1

SUSE-SU-2019:2424-1

SUSE-SU-2019:2648-1

SUSE-SU-2019:2651-1

SUSE-SU-2019:2658-1

SUSE-SU-2019:2738-1

SUSE-SU-2019:2756-1

SUSE-SU-2019:2949-1

SUSE-SU-2019:2950-1

SUSE-SU-2019:2984-1

SUSE-SU-2019_14218-1

USN-4144-1

USN-4145-1

Affected Products

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2018-3499 · Linux+3 · Linux Kernel+3

CVE-2018-20976

Weakness Enumeration

Related Identifiers

Affected Products

References · 676