CVE-2018-16550

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2018-16550 is a vulnerability that affects Linux kernel versions 4.9 and higher. It stems from a race condition in the fasync() function, which is responsible for managing asynchronous file operations. An attacker with local access to a vulnerable system may exploit this flaw to escalate their privileges and gain root access. This vulnerability was discovered by security researchers at Tencent Keen Security Lab in April 2018. In August 2018, Red Hat released a security advisory detailing the impact of CVE-2018-16550 and providing updates to address the vulnerability. The advisory rated the severity of the vulnerability as important, warning that a successful exploit could allow an attacker to execute arbitrary code, modify files, or cause a denial-of-service condition. Several other Linux distributions, including Debian, Ubuntu, and SUSE, also released updates to address the vulnerability around the same time. It is worth noting that while CVE-2018-16550 can be exploited locally, an attacker must already have some level of access to the affected system to do so. As such, organizations are advised to practice good security hygiene and limit local user privileges to reduce the likelihood of an attacker being able to exploit this or similar vulnerabilities.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CVE-2018-16550 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
Close Quarters Encounters with Third Generation Malware Compels UK and Danish Municipalities to Remodel Vulnerability Management Safeguards