CVE-2018-13095

kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.

Se ha descubierto un problema en fs/xfs/libxfs/xfs_inode_buf.c en el kernel de Linux hasta la versión 4.17.3. Puede ocurrir una denegación de servicio (corrupción de memoria y BUG) para una imagen xfs corrupta después de encontrarse con un inode con formato extendido, pero tiene más extensiones que cabrían en el fork inode.

An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel. A denial of service due to the NULL pointer dereference can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.

Wen Xu discovered that the xfs file system implementation in the Linux kernel did not properly validate the number of extents in an inode. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service. It was discovered that the priority inheritance futex implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-07-03 CVE Reserved
2018-07-03 CVE Published
2024-08-05 CVE Updated
2025-07-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference
CWE-787: Out-of-bounds Write

CAPEC

References (8)

URL	Tag	Source
https://bugzilla.kernel.org/show_bug.cgi?id=199915	Issue Tracking

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=23fcb3340d033d9f081e21e6c12c2db7eaa541d3	2020-08-24
https://github.com/torvalds/linux/commit/23fcb3340d033d9f081e21e6c12c2db7eaa541d3	2020-08-24

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2019:1350	2020-08-24
https://access.redhat.com/errata/RHSA-2019:2029	2020-08-24
https://access.redhat.com/errata/RHSA-2019:2043	2020-08-24
https://access.redhat.com/security/cve/CVE-2018-13095	2019-08-07
https://bugzilla.redhat.com/show_bug.cgi?id=1597775	2019-08-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 4.17.3 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.17.3"		-		Affected