CVE-2018-12929

low-risk

Published 2018-06-28

ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (2)

Linux Kernel

Ubuntu Linux

Affected Vendors

Linux Canonical

References (8)

Third Party Advisory http://www.securityfocus.com/bid/104588

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0641

Issue Tracking https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403

Mailing List https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2

Third Party Advisory http://www.securityfocus.com/bid/104588

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0641

Issue Tracking https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403

Mailing List https://marc.info/?l=linux-ntfs-dev&m=152413769810234&w=2

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 7/34 · Low