oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

a number of CVEs for issues in the filesystem's code in the Linux kernel

From: Vladis Dronov <vdronov () redhat com>
Date: Thu, 29 Mar 2018 03:56:09 -0400 (EDT)
Hello,

A number of CVEs were assigned to recently found issues in the filesystem's code in the Linux kernel:

====

CVE-2018-1092 kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 
image

The Linux kernel through version 4.15 is vulnerable to a NULL pointer dereference
in the ext4/mballoc.c:ext4_process_freed_data() function. An attacker with
privileged access could exploit this by mounting a crafted ext4 image to cause a kernel panic.

References:
https://bugzilla.kernel.org/show_bug.cgi?id=199179
https://bugzilla.redhat.com/show_bug.cgi?id=1560777

=====

CVE-2018-1093 kernel: Out of bounds read in ext4/balloc.c:ext4_valid_block_bitmap() causes crash with crafted ext4 image

The Linux kernel through version 4.15 is vulnerable to an out-of-bounds
read in ext4/balloc.c:ext4_valid_block_bitmap() function. An privileged
attacker could exploit this by mounting a crafted ext4 image to cause a crash.

References:
https://bugzilla.kernel.org/show_bug.cgi?id=199181
https://bugzilla.redhat.com/show_bug.cgi?id=1560782

=====

CVE-2018-1094 kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 
image

The Linux kernel through version 4.15 is vulnerable to a NULL pointer dereference
in the ext4/xattr.c:ext4_xattr_inode_hash() function. A privileged attacker could
exploit this to cause a NULL pointer dereference with a crafted ext4 image.

References:
https://bugzilla.kernel.org/show_bug.cgi?id=199183
https://bugzilla.redhat.com/show_bug.cgi?id=1560788

=====

CVE-2018-1095 kernel: NULL pointer dereference in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image

The Linux kernel through version 4.15 is vulnerable to a NULL pointer
dereference in the  fs/posix_acl.c:get_acl()function. A privileged attacker
could exploit this to cause a NULL pointer dereference with a crafted ext4
image.

References:

https://bugzilla.kernel.org/show_bug.cgi?id=199185
https://bugzilla.redhat.com/show_bug.cgi?id=1560793

=====

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
Previous By Date Next
Previous By Thread Next

Current thread: