CVE-2018-10881 – kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image
https://notcve.org/view.php?id=CVE-2018-10881
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. Se ha detectado una vulnerabilidad en el sistema de archivos ext4 del kernel de Linux. Un usuario local puede provocar un acceso fuera de límites en la función ext4_get_group_info, una denegación de servicio (DoS) y un cierre inesperado del sistema montando y operando una imagen del sistema de archivos ext4 especialmente manipulada. • http://patchwork.ozlabs.org/patch/929792 http://www.securityfocus.com/bid/104901 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.kernel.org/show_bug.cgi?id=200015 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b https://lists.debian.org/debia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2018-10901 – kernel: kvm: vmx: host GDT limit corruption
https://notcve.org/view.php?id=CVE-2018-10901
A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges. Se encontró un fallo en el subsistema de virtualización KVM del kernel de Linux. • http://www.securityfocus.com/bid/104905 https://access.redhat.com/errata/RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2391 https://access.redhat.com/errata/RHSA-2018:2392 https://access.redhat.com/errata/RHSA-2018:2393 https://access.redhat.com/errata/RHSA-2018:2394 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10901 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3444d7da1839b851eefedd372978d8a982316c36 https://help.ecostruxureit. • CWE-665: Improper Initialization •
CVE-2018-10880 – kernel: stack-out-of-bounds write in ext4_update_inline_data function
https://notcve.org/view.php?id=CVE-2018-10880
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. El kernel de Linux es vulnerable a una escritura de pila fuera de límites en el código del sistema de archivos al montar y escribir en una imagen ext4 manipulada en ext4_update_inline_data(). Un atacante podría utilizar esto para provocar un cierre inesperado del sistema y una denegación de servicio (DoS). A flaw was found in the Linux kernel's ext4 filesystem code. • http://patchwork.ozlabs.org/patch/930639 http://www.securityfocus.com/bid/104907 http://www.securityfocus.com/bid/106503 https://access.redhat.com/errata/RHSA-2018:2948 https://bugzilla.kernel.org/show_bug.cgi?id=200005 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226 https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://usn.ubuntu. • CWE-787: Out-of-bounds Write •
CVE-2018-13405 – Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass
https://notcve.org/view.php?id=CVE-2018-13405
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. La función inode_init_owner en fs/inode.c en el kernel de Linux hasta la versión 3.16 permite a los usuarios locales crear archivos con una propiedad de grupo no deseada, en un escenario donde un directorio es SGID a un cierto grupo y es escribible por un usuario que no es miembro de ese grupo. • https://www.exploit-db.com/exploits/45033 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 http://openwall.com/lists/oss-security/2018/07/13/2 http://www.securityfocus.com/bid/106503 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2019:0717 https://access.redhat.com/errata/RHSA- • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVE-2018-13098
https://notcve.org/view.php?id=CVE-2018-13098
An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode. Se ha descubierto un problema en fs/f2fs/inode.c en el kernel de Linux hasta la versión 4.17.3. Puede ocurrir una denegación de servicio (lectura fuera de límites de slab y BUG) para una imagen de sistema de archivos f2fs modificada en el que FI_EXTRA_ATTR está establecido en un inode. • http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html https://bugzilla.kernel.org/show_bug.cgi?id=200173 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76d56d4ab4f2a9e4f085c7d77172194ddaccf7d2 https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4118-1 • CWE-125: Out-of-bounds Read •