Linux Kernel CVE-2018-10840 Local Heap Based Buffer Overflow Vulnerability
BID:104858
CVE-2018-10840 |Info
Linux Kernel CVE-2018-10840 Local Heap Based Buffer Overflow Vulnerability
| Bugtraq ID: | 104858 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2018-10840 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 11 2018 12:00AM |
| Updated: | Dec 07 2018 06:00AM |
| Credit: | Wen Xu from SSLab, Gatech. |
| Vulnerable: |
Redhat Enterprise Mrg 2 Redhat Enterprise Linux 7 Redhat Enterprise Linux 6 Redhat Enterprise Linux 5 Linux kernel 4.16.11 Linux kernel 4.16.9 Linux kernel 4.16.6 Linux kernel 4.16.3 Linux kernel 4.15.14 Linux kernel 4.15.11 Linux kernel 4.15.9 Linux kernel 4.15.4 Linux kernel 4.17-rc2 Linux kernel 4.17 Linux kernel 4.16-rc7 Linux kernel 4.16-rc6 Linux kernel 4.16-rc Linux kernel 4.16 Linux kernel 4.15.8 Linux kernel 4.15.7 Linux kernel 4.15.16 Linux kernel 4.15-rc5 Linux kernel 4.15 Google Android 0 |
| Not Vulnerable: | |
Discussion
Linux Kernel CVE-2018-10840 Local Heap Based Buffer Overflow Vulnerability
Linux Kernel is prone to a local heap-based buffer-overflow vulnerability.
Attackers may be able to exploit this issue to execute arbitrary code with elevated privileges. Failed attack attempts will likely result in denial-of-service conditions.
Kernel versions 4.15, 4.16, and 4.17 are vulnerable; other versions may also be affected.
Linux Kernel is prone to a local heap-based buffer-overflow vulnerability.
Attackers may be able to exploit this issue to execute arbitrary code with elevated privileges. Failed attack attempts will likely result in denial-of-service conditions.
Kernel versions 4.15, 4.16, and 4.17 are vulnerable; other versions may also be affected.
Exploit / POC
Linux Kernel CVE-2018-10840 Local Heap Based Buffer Overflow Vulnerability
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
Solution / Fix
Linux Kernel CVE-2018-10840 Local Heap Based Buffer Overflow Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Linux Kernel CVE-2018-10840 Local Heap Based Buffer Overflow Vulnerability
References:
References:
- Linux kernel Homepage (kernel.org)
- Android Security Bulletin�??December 2018 (Google)
- Bug 1582346 CVE-2018-10840 kernel: Heap-based buffer overflow (Redhat)
- Bug 199347 - buffer overflow in ext4_xattr_set_entry() (Kernel)
- CVE-2018-10840 (Redhat)
- ext4: correctly handle a zero-length xattr with a non-zero e_value_offs (Kernel)
- Kernel.org Bugzilla �?? Attachment #276147: ext4: correctly handle a zero-length (kernel)