Unrated severityNVD Advisory· Published Mar 2, 2018· Updated Aug 5, 2024

CVE-2018-1063

Description

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.

Affected products

Selinux Project/Policycoreutilsv5
Range: 2.5-11 and newer

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/errata/RHSA-2018:0913mitrevendor-advisoryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000