CVE-2018-1092 – kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image
https://notcve.org/view.php?id=CVE-2018-1092
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. La función ext4_iget en fs/ext4/inode.c en el kernel de Linux hasta la versión 4.15.15 gestiona de manera incorrecta el caso de un directorio root con un i_lnks_count igual a cero, lo que permite que los atacantes provoquen una denegación de servicio (desreferencia de puntero NULL en ext4_process_freed_data y OOPS) mediante una imagen ext4 manipulada. The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/mballoc.c:ext4_process_freed_data() function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted ext4 image to cause a kernel panic. • http://openwall.com/lists/oss-security/2018/03/29/1 https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.kernel.org/show_bug.cgi?id=199179 https://bugzilla.kernel.org/show_bug.cgi?id=199275 https://bugzilla.redhat.com/show_bug.cgi?id=1560777 https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44 https://l • CWE-476: NULL Pointer Dereference •
CVE-2018-1093
https://notcve.org/view.php?id=CVE-2018-1093
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers. La función ext4_valid_block_bitmap en fs/ext4/balloc.c en el kernel de Linux hasta la versión 4.15.15 permite que los atacantes provoquen un denegación de servicio (lectura fuera de límites y cierre inesperado del sistema) mediante una imagen ext4 manipulada dado que balloc.c y ialloc.c no validan los números de los bloques de mapa de bits. • http://openwall.com/lists/oss-security/2018/03/29/1 https://bugzilla.kernel.org/show_bug.cgi?id=199181 https://bugzilla.redhat.com/show_bug.cgi?id=1560782 https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html https:// • CWE-125: Out-of-bounds Read •
CVE-2017-18255
https://notcve.org/view.php?id=CVE-2017-18255
The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation. La función perf_cpu_time_max_percent_handler en kernel/events/core.c en el kernel de Linux en versiones anteriores a la 4.11 permite que los usuarios locales provoquen una denegación de servicio (desbordamiento de enteros) o, posiblemente, otro impacto no especificado mediante un valor de gran tamaño, tal y como queda demostrado con un cálculo incorrecto de la frecuencia de muestreo. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d http://www.securityfocus.com/bid/103607 https://github.com/torvalds/linux/commit/1572e45a924f254d9570093abde46430c3172e3d https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://usn.ubuntu.com/3696-1 https://usn.ubuntu.com/3696-2 https://usn.ubuntu.com/3754-1 • CWE-190: Integer Overflow or Wraparound •
CVE-2018-1091 – kernel: guest kernel crash during core dump on POWER9 host
https://notcve.org/view.php?id=CVE-2018-1091
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service. En la función flush_tmregs_to_thread en arch/powerpc/kernel/ptrace.c en el kernel de Linux, en versiones anteriores a la 4.13.5, se puede desencadenar un cierre inesperado del kernel invitado desde un espacio de usuario sin privilegios durante un volcado de memoria en un host POWER. Esto se debe a la falta de verificación de la funcionalidad del procesador y un uso erróneo de las instrucciones de la memoria transaccional (TM) en la ruta de volcado de memoria, lo que da lugar a una denegación de servicio (DoS). A flaw was found in the Linux kernel where a crash can be triggered from unprivileged userspace during core dump on a POWER system with a certain configuration. This is due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path leading to a denial of service. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1fa0768a8713b135848f78fd43ffc208d8ded70 http://openwall.com/lists/oss-security/2018/03/27/4 https://access.redhat.com/errata/RHSA-2018:1318 https://access.redhat.com/security/cve/cve-2018-1091 https://bugzilla.redhat.com/show_bug.cgi?id=1558149 https://github.com/torvalds/linux/commit/c1fa0768a8713b135848f78fd43ffc208d8ded70 https://marc.info/?l=linuxppc-embedded&m=150535531910494&w=2 https://www.kernel.org/pub/linux • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-391: Unchecked Error Condition •
CVE-2017-18249
https://notcve.org/view.php?id=CVE-2017-18249
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. La función add_free_nid en fs/f2fs/noce.c en el kernel de Linux, en versiones anteriores a la 4.12, no rastrea correctamente un nid asignado, lo cual podría permitir a los usuarios locales provocar una denegación de servicio (condición de carrera) o, posiblemente, causar otro impacto sin especificar mediante hilos concurrentes. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a61ddf8117c26ac5b295e1233eaa9629a94ca3 http://www.securitytracker.com/id/1041432 https://github.com/torvalds/linux/commit/30a61ddf8117c26ac5b295e1233eaa9629a94ca3 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://usn.ubuntu.com/3932-1 https://usn.ubuntu.com/3932-2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •