CVE-2018-1094

Published: Apr 2, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.

Affected (6)

Products: Linux: Linux Kernel · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation

1 product

1 product

3 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 4.15.15

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 7.0

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (20)

http://openwall.com/lists/oss-security/2018/03/29/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:2948

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3083

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3096

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.kernel.org/show_bug.cgi?id=199183

Source: secalert@redhat.com

ExploitIssue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1560788

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957

Source: secalert@redhat.com

Third Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1

Source: secalert@redhat.com

Patch

https://usn.ubuntu.com/3695-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/3695-2/

Source: secalert@redhat.com

Third Party Advisory

http://openwall.com/lists/oss-security/2018/03/29/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:2948

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3083

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3096

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.kernel.org/show_bug.cgi?id=199183

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1560788

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://usn.ubuntu.com/3695-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/3695-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.