CVE-2022-0617: A UDF file system flaw was found in the way a user triggers udf_file_write_iter on a malicious UDF image, which could crash the system.


This flaw was fixed in the Linux kernel starting with version 5.18. Information about this flaw was released to the public on June 16th, 2018.

Linux kernel: CVE-2018-16664. In the Linux kernel before version 4.14, user creation of files on UDF image media could lead to local user privilege escalation. An attacker must have local access and be able to create files on the system to exploit this flaw. Note that this applies only to UDF image media, not to UDF image files.

SE Linux kernel: CVE-2018-5532. In the Linux kernel before version 4.14, user creation of files on UDF image media could lead to local user privilege escalation. An attacker must have local access and be able to create files on the system to exploit this flaw. Note that this applies only to UDF image media, not to UDF image files.

SE Linux kernel: CVE-2017-18261. In the Linux kernel before version 4.14, user creation of files on UDF image media could lead to local user privilege escalation. An attacker must have local access and be able to create files on the system to exploit this flaw. Note that this applies only to UDF image media, not to UDF image files.

SE Linux kernel: CVE-2017-18262 In the Linux kernel before version 4.14, user creation

Linux kernel: New features of CVE-2018-16664

The new Linux kernel release 4.19 includes a fix for this flaw.

What to look for in a Linux kernel release?

To maintain a secure Linux kernel, always check the release notes for the following:

CVE-X-Y-Z
The last part of the security note covers what to look for in a release. You should always check for CVEs (Common Vulnerabilities and Exposures). These are flaws that have been identified by the security community. They are not new flaws, but flaws that have been patched and fixed in a new release. If you see these listed for your Linux kernel version, it is likely that there was an issue that has been resolved.

Understanding Linux Kernel Security Vulnerabilities

In the Linux kernel before version 4.14, user creation of files on UDF image media could lead to local user privilege escalation. An attacker must have local access and be able to create files on the system to exploit this flaw. Note that this applies only to UDF image media, not to UDF image files.

In the SE Linux kernel before version 4.14, user creation of files on UDF image media could lead to local user privilege escalation. An attacker must have local access and be able to create files on the system to exploit this flaw. Note that this applies only to UDF image media, not to UDF image files.

User creation of files on UDF image media can lead to privilege escalation in both Linux and SE Linux kernels.
