CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 1CVE-2018-1094 – kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image
https://notcve.org/view.php?id=CVE-2018-1094
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. La función ext4_fill_super en fs/ext4/super.c en el kernel de Linux hasta la versión 4.15.15 no inicializa siempre el controlador de las sumas de verificación crc32c, lo que permite que los atacantes provoquen una denegación de servicio (desreferencia de puntero NULL en ext4_xattr_inode_hash y cierre inesperado del sistema) mediante una imagen ext4 manipulada. The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image. • http://openwall.com/lists/oss-security/2018/03/29/1 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.kernel.org/show_bug.cgi?id=199183 https://bugzilla.redhat.com/show_bug.cgi?id=1560788 https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957 https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.g • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1095 – kernel: out-of-bound access in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image
https://notcve.org/view.php?id=CVE-2018-1095
The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image. La función ext4_xattr_check_entries en fs/ext4/xattr.c en el kernel de Linux hasta la versión 4.15.15 no valida correctamente los tamaños de xattr, lo que provoca una malinterpretación de un tamaño como un código de error y, en consecuencia, permite que los atacantes provoquen una denegación de servicio (desreferencia de puntero NULL en get_acl y cierre inesperado del sistema) mediante una imagen ext4 manipulada. The Linux kernel is vulnerable to an out-of-bound access bug in the fs/posix_acl.c:get_acl() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a system crash or other unspecified impact with a crafted ext4 image. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. • http://openwall.com/lists/oss-security/2018/03/29/1 https://access.redhat.com/errata/RHSA-2018:2948 https://bugzilla.kernel.org/show_bug.cgi?id=199185 https://bugzilla.redhat.com/show_bug.cgi?id=1560793 https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=ce3fd194fcc6fbdc00ce095a852f22df97baa401 https://usn.ubuntu.com/3695-1 https://usn.ubuntu.com/3695-2 https://access.redhat.com/security/cve/CVE-2018-1095 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18255
https://notcve.org/view.php?id=CVE-2017-18255
The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation. La función perf_cpu_time_max_percent_handler en kernel/events/core.c en el kernel de Linux en versiones anteriores a la 4.11 permite que los usuarios locales provoquen una denegación de servicio (desbordamiento de enteros) o, posiblemente, otro impacto no especificado mediante un valor de gran tamaño, tal y como queda demostrado con un cálculo incorrecto de la frecuencia de muestreo. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d http://www.securityfocus.com/bid/103607 https://github.com/torvalds/linux/commit/1572e45a924f254d9570093abde46430c3172e3d https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://usn.ubuntu.com/3696-1 https://usn.ubuntu.com/3696-2 https://usn.ubuntu.com/3754-1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1091 – kernel: guest kernel crash during core dump on POWER9 host
https://notcve.org/view.php?id=CVE-2018-1091
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service. En la función flush_tmregs_to_thread en arch/powerpc/kernel/ptrace.c en el kernel de Linux, en versiones anteriores a la 4.13.5, se puede desencadenar un cierre inesperado del kernel invitado desde un espacio de usuario sin privilegios durante un volcado de memoria en un host POWER. Esto se debe a la falta de verificación de la funcionalidad del procesador y un uso erróneo de las instrucciones de la memoria transaccional (TM) en la ruta de volcado de memoria, lo que da lugar a una denegación de servicio (DoS). A flaw was found in the Linux kernel where a crash can be triggered from unprivileged userspace during core dump on a POWER system with a certain configuration. This is due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path leading to a denial of service. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1fa0768a8713b135848f78fd43ffc208d8ded70 http://openwall.com/lists/oss-security/2018/03/27/4 https://access.redhat.com/errata/RHSA-2018:1318 https://access.redhat.com/security/cve/cve-2018-1091 https://bugzilla.redhat.com/show_bug.cgi?id=1558149 https://github.com/torvalds/linux/commit/c1fa0768a8713b135848f78fd43ffc208d8ded70 https://marc.info/?l=linuxppc-embedded&m=150535531910494&w=2 https://www.kernel.org/pub/linux&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-391: Unchecked Error Condition •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-18249
https://notcve.org/view.php?id=CVE-2017-18249
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. La función add_free_nid en fs/f2fs/noce.c en el kernel de Linux, en versiones anteriores a la 4.12, no rastrea correctamente un nid asignado, lo cual podría permitir a los usuarios locales provocar una denegación de servicio (condición de carrera) o, posiblemente, causar otro impacto sin especificar mediante hilos concurrentes. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a61ddf8117c26ac5b295e1233eaa9629a94ca3 http://www.securitytracker.com/id/1041432 https://github.com/torvalds/linux/commit/30a61ddf8117c26ac5b295e1233eaa9629a94ca3 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://usn.ubuntu.com/3932-1 https://usn.ubuntu.com/3932-2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •