Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-16597

Good to know:

icon

Date: September 21, 2018

An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.

Language: C

Severity Score

Related Resources (12)

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
https://bugzilla.suse.com/show_bug.cgi?id=1106512
https://security.netapp.com/advisory/ntap-20190204-0001/
https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16597
https://nvd.nist.gov/vuln/detail/CVE-2018-16597
https://support.f5.com/csp/article/K22691834
http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://seclists.org/bugtraq/2019/Jul/33
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c0ca3d70e8d3cf81e2255a217f7ca402f5ed0862
http://www.securityfocus.com/bid/105394
https://access.redhat.com/security/cve/CVE-2018-16597
https://www.mend.io/vulnerability-database/CVE-2018-16597

Severity Score

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Incorrect Authorization

CWE-863

Top Fix

icon

Upgrade Version

Upgrade to version linux-yocto - 4.8.12+gitAUTOINC+926c93ae07_021b4aef55;linux-yocto - 4.10+gitAUTOINC+805ea440c7_b259a5d744

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): HIGH
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): COMPLETE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us