Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2018-1092

Published: 02/04/2018 Updated: 12/02/2023
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 632
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Subscribe to Linux

Vulnerability Summary

The ext4_iget function in fs/ext4/inode.c in the Linux kernel up to and including 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows malicious users to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: kernel-rt security, bug fix, and enhancement update
Synopsis Important: kernel-rt security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
Red Hat: Important: kernel-alt security, bug fix, and enhancement update
Synopsis Important: kernel-alt security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel-alt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability S ...
Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-raspi2 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-aws, linux-gcp, linux-kvm vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-raspi2 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-azure vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-hwe, linux-gcp, linux-oem vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-azure vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the Linux kernel ...
Debian Security Advisories: DSA-4187-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer (blk-mq) On a system with a driver using blk-mq (mtip32xx, null_blk, or virtio_blk), a local user might be able ...
Debian Security Advisories: DSA-4188-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read mem ...
Red Hat: CVE-2018-1092
The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/mballocc:ext4_process_freed_data() function An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted ext4 image to cause a kernel panic ...

References

CWE-476https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44https://bugzilla.redhat.com/show_bug.cgi?id=1560777https://bugzilla.kernel.org/show_bug.cgi?id=199179http://openwall.com/lists/oss-security/2018/03/29/1https://bugzilla.kernel.org/show_bug.cgi?id=199275https://www.debian.org/security/2018/dsa-4188https://www.debian.org/security/2018/dsa-4187https://lists.debian.org/debian-lts-announce/2018/05/msg00000.htmlhttps://usn.ubuntu.com/3678-2/https://usn.ubuntu.com/3678-1/https://usn.ubuntu.com/3677-2/https://usn.ubuntu.com/3677-1/https://usn.ubuntu.com/3676-2/https://usn.ubuntu.com/3676-1/https://usn.ubuntu.com/3678-3/https://usn.ubuntu.com/3678-4/https://usn.ubuntu.com/3754-1/https://access.redhat.com/errata/RHSA-2018:3096https://access.redhat.com/errata/RHSA-2018:3083https://access.redhat.com/errata/RHSA-2018:2948https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2018:3083https://usn.ubuntu.com/3676-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook