Linux Kernel Incorrect Access Checking File Modification Vulnerability

September 26, 2018 2:02 am

A vulnerability in the ovl_permission() function of the Linux Kernel could allow a local attacker to modify arbitrary files on a targeted system.

The vulnerability is due to improper access checking by the ovl_permission() function of the affected software. An attacker could exploit this vulnerability by accessing overlayfs mounts on a targeted system. A successful exploit could allow the attacker to overwrite or modify root-owned files.

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

Kernel.org confirmed the vulnerability and released a patch.

Security Impact Rating: Medium

CVE: CVE-2018-16597
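
To triage this advisory, a defender first needs to know whether a host has overlayfs mounts and which underlying directories back them. The following is an added example, not part of the original advisory or of any kernel.org code: a shell function that reads a mounts table (for example /proc/self/mounts) on stdin and lists each overlay mount with its lowerdir and upperdir. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory overlayfs mounts and the layers behind them.
# Usage on a live host: list_overlay_mounts < /proc/self/mounts

# Prints one line per overlay mount: mountpoint<TAB>lowerdir<TAB>upperdir
# ("-" when an option is absent, e.g. a read-only overlay has no upperdir).
list_overlay_mounts() {
    awk '
    # Mounts tables encode a space in a path as \040; decode that escape only.
    function unesc(s) { gsub(/\\040/, " ", s); return s }

    # Return the value of option "key" from a comma-separated option string.
    function opt(opts, key,    n, i, parts) {
        n = split(opts, parts, ",")
        for (i = 1; i <= n; i++)
            if (index(parts[i], key "=") == 1)
                return substr(parts[i], length(key) + 2)
        return "-"
    }

    # Field 3 is the filesystem type; some older distro kernels used "overlayfs".
    $3 == "overlay" || $3 == "overlayfs" {
        printf "%s\t%s\t%s\n", unesc($2), unesc(opt($4, "lowerdir")), unesc(opt($4, "upperdir"))
    }'
}

# Constructed sample mounts table (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
overlay /var/lib/docker/overlay2/abc/merged overlay rw,relatime,lowerdir=/l/A:/l/B,upperdir=/u/diff,workdir=/u/work 0 0
overlay /mnt/ro\040view overlay ro,relatime,lowerdir=/srv/base:/srv/extra 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
EOF
}

# Demonstration on the constructed table.
sample_mounts | list_overlay_mounts
```

The lowerdir paths are the underlying directories to review for root-owned files; hosts that list no overlay mounts have nothing mounted that matches the advisory's description.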
