CVE-2018-13096

Published: Jul 3, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.

Affected (7)

Products: Linux: Linux Kernel · Debian: Debian Linux · Canonical: Ubuntu Linux · +1 more

Show all products

Linux: Linux Kernel · Debian: Debian Linux · Canonical: Ubuntu Linux · Opensuse: Leap

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 4.14

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.3

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (22)

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.kernel.org/show_bug.cgi?id=200167

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=e34438c903b653daca2b2a7de95aed46226f8ed3

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e34438c903b653daca2b2a7de95aed46226f8ed3

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Jan/52

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

https://usn.ubuntu.com/3821-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/3821-2/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4094-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4118-1/

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html