CVE-2018-11412

Published: 24/05/2018 | Updated: 15/03/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

In the Linux kernel 4.13 up to and including 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.

Vulnerable Product

linux linux kernel

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

Vendor Advisories

Synopsis: Moderate: kernel-alt security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CV ...
Several security issues were fixed in the Linux kernel ...
The fs/ext4/inline.c:ext4_read_inline_data() function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbound copy can cause memory corruption or possible privilege escalation (CVE-2018-11412) ...

Exploits

ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: the first 60 bytes go in the i_block field in the inode (which normally contains a list of blocks instead), the rest goes in the special filesystem-internal ...