cvedb.io
CVE-2018-1063
MEDIUM · CVSS 4.4
EPSS exploitation probability: 0%
Published 2018-03-02T15:29:00.400 · Last modified 2026-06-17T01:50:23.947

Summary

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.

Affected products

redhat — enterprise_linux

Does this affect you?

Add your gear to cvedb and we'll alert you only when redhat ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.