CVE-2018-11412
Linux Kernel < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption
Public Exploits: 4
Exploited in Wild: -
Descriptions
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
The fs/ext4/inline.c:ext4_read_inline_data() function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbounded copy can cause memory corruption or possible privilege escalation.
Piotr Gabriel Kosinski and Daniel Shapira discovered a stack-based buffer overflow in the CDROM driver implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Jann Horn discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep xattr information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues have also been addressed.
SSVC
- Decision: -
Timeline
- 2018-05-24 CVE Reserved
- 2018-05-24 CVE Published
- 2018-06-05 First Exploit
- 2024-08-05 CVE Updated
- 2025-04-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
- CWE-805: Buffer Access with Incorrect Length Value
References (11)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/104291 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/148054 | 2018-06-05 | |
https://www.exploit-db.com/exploits/44832 | 2024-08-05 | |
https://bugs.chromium.org/p/project-zero/issues/detail?id=1580 | 2024-08-05 | |
https://bugzilla.kernel.org/show_bug.cgi?id=199803 | 2024-08-05 | |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2019:0525 | 2019-03-15 | |
https://usn.ubuntu.com/3752-1 | 2019-03-15 | |
https://usn.ubuntu.com/3752-2 | 2019-03-15 | |
https://usn.ubuntu.com/3752-3 | 2019-03-15 | |
https://access.redhat.com/security/cve/CVE-2018-11412 | 2019-03-13 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1582358 | 2019-03-13 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | >= 4.13 <= 4.16.11 | - | Affected |
Canonical | Ubuntu Linux | 16.04 | lts | Affected |
Canonical | Ubuntu Linux | 18.04 | lts | Affected |