Vulnerability Details : CVE-2018-16597
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
Products affected by CVE-2018-16597
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-16597
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 6 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-16597
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:C/A:N | 3.9 | 6.9 | NIST | |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2018-16597
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-16597
- https://bugzilla.suse.com/show_bug.cgi?id=1106512
  Bug 1106512 – VUL-0: CVE-2018-16597: kernel-source: overlayfs file truncation without permissions (Issue Tracking; Patch; Third Party Advisory)
- https://seclists.org/bugtraq/2019/Jul/33
  Bugtraq: [slackware-security] Slackware 14.2 kernel (SSA:2019-202-01)
- http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
  Slackware Security Advisory - Slackware 14.2 kernel Updates ≈ Packet Storm
- http://www.securityfocus.com/bid/105394
  Linux Kernel CVE-2018-16597 Local Security Bypass Vulnerability (Third Party Advisory; VDB Entry)
- https://security.netapp.com/advisory/ntap-20190204-0001/
  September 2018 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security (Patch; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
  [security-announce] openSUSE-SU-2018:3202-1: important: Security update (Mailing List; Third Party Advisory)
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862
  kernel/git/torvalds/linux.git - Linux kernel source tree (Patch; Third Party Advisory)
- https://support.f5.com/csp/article/K22691834
  (Third Party Advisory)