5.5

CVE-2018-10322

Exploit
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 4.16.3
RedhatVirtualization Host Version4.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.51% 0.393
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://access.redhat.com/errata/RHSA-2018:3083
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3096
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2948
Third Party Advisory
http://www.securityfocus.com/bid/103960
Third Party Advisory
VDB Entry
https://bugzilla.kernel.org/show_bug.cgi?id=199377
Third Party Advisory
Exploit
Issue Tracking
https://usn.ubuntu.com/4578-1/
https://usn.ubuntu.com/4579-1/
https://www.spinics.net/lists/linux-xfs/msg17215.html
Patch
Third Party Advisory