CVE-2018-1095 : The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate

The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.

Published 2018-04-02 03:29:00

Updated 2023-02-13 04:53:15

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2018-1095

Probability of exploitation activity in the next 30 days: 0.14%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 49 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2018-1095

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.1	HIGH	AV:N/AC:M/Au:N/C:N/I:N/A:C	8.6	6.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2018-1095

CWE-476 NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-1095

https://usn.ubuntu.com/3695-1/

USN-3695-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=ce3fd194fcc6fbdc00ce095a852f22df97baa401

kernel/git/tytso/ext4.git - Ext4 filesystem tree
Patch
https://access.redhat.com/errata/RHSA-2018:2948

RHSA-2018:2948 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://usn.ubuntu.com/3695-2/

USN-3695-2: Linux kernel (HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1560793

1560793 – (CVE-2018-1095) CVE-2018-1095 kernel: out-of-bound access in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image
Issue Tracking
http://openwall.com/lists/oss-security/2018/03/29/1

oss-security - a number of CVEs for issues in the filesystem's code in the Linux kernel
Mailing List

CVEs referencing this url
https://bugzilla.kernel.org/show_bug.cgi?id=199185

199185 – Invalid pointer dereference in get_acl (fs/posix_acl.c) when mounting and operating crafted ext4 image
Exploit;Issue Tracking

Products affected by CVE-2018-1095

Linux » Linux Kernel
Versions up to, including, (<=) 4.15.15
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2018-1095

Exploit prediction scoring system (EPSS) score for CVE-2018-1095

CVSS scores for CVE-2018-1095

CWE ids for CVE-2018-1095

References for CVE-2018-1095

Products affected by CVE-2018-1095