7.1

CVE-2018-1094

Exploit
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 4.15.15
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.13% 0.795
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://access.redhat.com/errata/RHSA-2018:3083
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3096
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2948
Third Party Advisory
https://usn.ubuntu.com/3695-1/
Third Party Advisory
https://usn.ubuntu.com/3695-2/
Third Party Advisory
http://openwall.com/lists/oss-security/2018/03/29/1
Third Party Advisory
Mailing List
https://bugzilla.kernel.org/show_bug.cgi?id=199183
Exploit
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1560788
Third Party Advisory
Issue Tracking
https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1
Patch