CVE-2018-1095

Published: 02/04/2018 Updated: 13/02/2023
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 632
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel up to and including 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows malicious users to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image.

Vulnerable Product

linux linux kernel

Vendor Advisories

Synopsis: Important: kernel-alt security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability S ...
A regression that caused boot failures was fixed in the Linux kernel ...
Several security issues were fixed in the Linux kernel ...
A regression that caused boot failures was fixed in the Linux kernel ...
The Linux kernel is vulnerable to an out-of-bound access bug in the fs/posix_acl.c:get_acl() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a system crash or other unspecified impact with a crafted ext4 image. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, alt ...