CVE-2018-1094
kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.
La función ext4_fill_super en fs/ext4/super.c en el kernel de Linux hasta la versión 4.15.15 no inicializa siempre el controlador de las sumas de verificación crc32c, lo que permite que los atacantes provoquen una denegación de servicio (desreferencia de puntero NULL en ext4_xattr_inode_hash y cierre inesperado del sistema) mediante una imagen ext4 manipulada.
The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-04 CVE Reserved
- 2018-04-02 CVE Published
- 2023-03-26 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://openwall.com/lists/oss-security/2018/03/29/1 | Mailing List | |
| https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.kernel.org/show_bug.cgi?id=199183 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1 | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2948 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2018:3083 | 2023-02-13 | |
| https://access.redhat.com/errata/RHSA-2018:3096 | 2023-02-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1560788 | 2018-10-30 | |
| https://usn.ubuntu.com/3695-1 | 2023-02-13 | |
| https://usn.ubuntu.com/3695-2 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2018-1094 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.15.15 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.15.15" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||