Home CVE Database CVE-2018-12233

CVE-2018-12233

Description

In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.

Priority: MEDIUM
CVSS v3: 7.8
Publish Date: Jun 12, 2018
Related ID: --
CVSS v2: HIGH
Modified Date: Jun 12, 2018

Find out more about CVE-2018-12233 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

linux

Live chat
Online