Vulnerability Details : CVE-2018-1095
Potential exploit
The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2018-1095
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1095
0.15%
Probability of exploitation activity in the next 30 days
~ 33 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1095
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C | 8.6 | 6.9 | NIST | |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2018-1095
- The product dereferences a pointer that it expects to be valid but is NULL. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1095
- https://usn.ubuntu.com/3695-1/
  USN-3695-1: Linux kernel vulnerabilities | Ubuntu security notices
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=ce3fd194fcc6fbdc00ce095a852f22df97baa401
  kernel/git/tytso/ext4.git - Ext4 filesystem tree (Patch)
- https://access.redhat.com/errata/RHSA-2018:2948
  RHSA-2018:2948 - Security Advisory - Red Hat Customer Portal
- https://usn.ubuntu.com/3695-2/
  USN-3695-2: Linux kernel (HWE) vulnerabilities | Ubuntu security notices
- https://bugzilla.redhat.com/show_bug.cgi?id=1560793
  1560793 – (CVE-2018-1095) CVE-2018-1095 kernel: out-of-bound access in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image (Issue Tracking)
- http://openwall.com/lists/oss-security/2018/03/29/1
  oss-security - a number of CVEs for issues in the filesystem's code in the Linux kernel (Mailing List)
- https://bugzilla.kernel.org/show_bug.cgi?id=199185
  199185 – Invalid pointer dereference in get_acl (fs/posix_acl.c) when mounting and operating crafted ext4 image (Exploit; Issue Tracking)