Vulnerability-Lookup

	Vendor	Product	Description
	SUSE	SUSE Linux Enterprise Real Time	SUSE Linux Enterprise Real Time Extension 12-SP3

CVE-2017-18344 (GCVE-0-2017-18344)

Vulnerability from cvelistv5 – Published: 2018-07-26 19:00 – Updated: 2024-08-05 21:20

Summary

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

15 references

URL	Tags
https://access.redhat.com/errata/RHSA-2018:3540	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3083	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3591	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3459	vendor-advisoryx_refsource_REDHAT
http://www.securitytracker.com/id/1041414	vdb-entryx_refsource_SECTRACK
https://cdn.kernel.org/pub/linux/kernel/v4.x/Chan…	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:3590	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisoryx_refsource_REDHAT
https://github.com/torvalds/linux/commit/cef31d9a…	x_refsource_MISC
https://usn.ubuntu.com/3742-2/	vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/104909	vdb-entryx_refsource_BID
https://usn.ubuntu.com/3742-1/	vendor-advisoryx_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:3586	vendor-advisoryx_refsource_REDHAT
https://www.exploit-db.com/exploits/45175/	exploitx_refsource_EXPLOIT-DB
https://access.redhat.com/errata/RHSA-2018:3096	vendor-advisoryx_refsource_REDHAT

Date Public

2018-07-26 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:20:50.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:3540",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3540"
          },
          {
            "name": "RHSA-2018:3083",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3083"
          },
          {
            "name": "RHSA-2018:3591",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3591"
          },
          {
            "name": "RHSA-2018:3459",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3459"
          },
          {
            "name": "1041414",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041414"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
          },
          {
            "name": "RHSA-2018:3590",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3590"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe"
          },
          {
            "name": "USN-3742-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-2/"
          },
          {
            "name": "104909",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104909"
          },
          {
            "name": "USN-3742-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-1/"
          },
          {
            "name": "RHSA-2018:3586",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3586"
          },
          {
            "name": "45175",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/45175/"
          },
          {
            "name": "RHSA-2018:3096",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3096"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn\u0027t properly validate the sigevent-\u003esigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-14T10:57:02.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:3540",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3540"
        },
        {
          "name": "RHSA-2018:3083",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3083"
        },
        {
          "name": "RHSA-2018:3591",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3591"
        },
        {
          "name": "RHSA-2018:3459",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3459"
        },
        {
          "name": "1041414",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041414"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
        },
        {
          "name": "RHSA-2018:3590",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3590"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe"
        },
        {
          "name": "USN-3742-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-2/"
        },
        {
          "name": "104909",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104909"
        },
        {
          "name": "USN-3742-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-1/"
        },
        {
          "name": "RHSA-2018:3586",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3586"
        },
        {
          "name": "45175",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/45175/"
        },
        {
          "name": "RHSA-2018:3096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3096"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-18344",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn\u0027t properly validate the sigevent-\u003esigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:3540",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3540"
            },
            {
              "name": "RHSA-2018:3083",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3083"
            },
            {
              "name": "RHSA-2018:3591",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3591"
            },
            {
              "name": "RHSA-2018:3459",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3459"
            },
            {
              "name": "1041414",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041414"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8"
            },
            {
              "name": "RHSA-2018:3590",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3590"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe"
            },
            {
              "name": "USN-3742-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-2/"
            },
            {
              "name": "104909",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104909"
            },
            {
              "name": "USN-3742-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-1/"
            },
            {
              "name": "RHSA-2018:3586",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3586"
            },
            {
              "name": "45175",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/45175/"
            },
            {
              "name": "RHSA-2018:3096",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3096"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-18344",
    "datePublished": "2018-07-26T19:00:00.000Z",
    "dateReserved": "2018-07-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T21:20:50.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10876 (GCVE-0-2018-10876)

Vulnerability from cvelistv5 – Published: 2018-07-26 18:00 – Updated: 2024-08-05 07:46

Summary

A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.

Severity

5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-416

Assigner

redhat

References

14 references

URL	Tags
http://patchwork.ozlabs.org/patch/929239/	x_refsource_CONFIRM
https://usn.ubuntu.com/3753-2/	vendor-advisoryx_refsource_UBUNTU
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_CONFIRM
https://usn.ubuntu.com/3871-5/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3871-4/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
https://usn.ubuntu.com/3871-1/	vendor-advisoryx_refsource_UBUNTU
https://bugzilla.kernel.org/show_bug.cgi?id=199403	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2019:0525	vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/106503	vdb-entryx_refsource_BID
https://usn.ubuntu.com/3753-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3871-3/	vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/104904	vdb-entryx_refsource_BID

Impacted products

1 product

Vendor	Product	Version
[UNKNOWN]	kernel	Affected: n/a

Date Public

2018-04-16 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:47.413Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://patchwork.ozlabs.org/patch/929239/"
          },
          {
            "name": "USN-3753-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3753-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8844618d8aa7a9973e7b527d038a2a589665002c"
          },
          {
            "name": "USN-3871-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-5/"
          },
          {
            "name": "USN-3871-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-4/"
          },
          {
            "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10876"
          },
          {
            "name": "USN-3871-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199403"
          },
          {
            "name": "RHSA-2019:0525",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0525"
          },
          {
            "name": "106503",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106503"
          },
          {
            "name": "USN-3753-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3753-1/"
          },
          {
            "name": "USN-3871-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-3/"
          },
          {
            "name": "104904",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-04-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-01T18:06:04.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://patchwork.ozlabs.org/patch/929239/"
        },
        {
          "name": "USN-3753-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3753-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8844618d8aa7a9973e7b527d038a2a589665002c"
        },
        {
          "name": "USN-3871-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-5/"
        },
        {
          "name": "USN-3871-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-4/"
        },
        {
          "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10876"
        },
        {
          "name": "USN-3871-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199403"
        },
        {
          "name": "RHSA-2019:0525",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0525"
        },
        {
          "name": "106503",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106503"
        },
        {
          "name": "USN-3753-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3753-1/"
        },
        {
          "name": "USN-3871-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-3/"
        },
        {
          "name": "104904",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104904"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10876",
    "datePublished": "2018-07-26T18:00:00.000Z",
    "dateReserved": "2018-05-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:46:47.413Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10877 (GCVE-0-2018-10877)

Vulnerability from cvelistv5 – Published: 2018-07-18 15:00 – Updated: 2024-08-05 07:46

Summary

Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.

Severity

7.3 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-125

Assigner

redhat

References

12 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
https://usn.ubuntu.com/3753-2/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3754-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3871-5/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3871-4/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3871-1/	vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/106503	vdb-entryx_refsource_BID
https://usn.ubuntu.com/3753-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3871-3/	vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/104878	vdb-entryx_refsource_BID

Impacted products

1 product

Vendor	Product	Version
[UNKNOWN]	kernel	Affected: n/a

Date Public

2018-07-18 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:47.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877"
          },
          {
            "name": "USN-3753-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3753-2/"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "name": "USN-3871-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-5/"
          },
          {
            "name": "USN-3871-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-4/"
          },
          {
            "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "name": "USN-3871-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-1/"
          },
          {
            "name": "106503",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106503"
          },
          {
            "name": "USN-3753-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3753-1/"
          },
          {
            "name": "USN-3871-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-3/"
          },
          {
            "name": "104878",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104878"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-01T18:06:04.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877"
        },
        {
          "name": "USN-3753-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3753-2/"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "name": "USN-3871-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-5/"
        },
        {
          "name": "USN-3871-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-4/"
        },
        {
          "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "name": "USN-3871-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-1/"
        },
        {
          "name": "106503",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106503"
        },
        {
          "name": "USN-3753-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3753-1/"
        },
        {
          "name": "USN-3871-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-3/"
        },
        {
          "name": "104878",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104878"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10877",
    "datePublished": "2018-07-18T15:00:00.000Z",
    "dateReserved": "2018-05-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:46:47.469Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10878 (GCVE-0-2018-10878)

Vulnerability from cvelistv5 – Published: 2018-07-26 18:00 – Updated: 2024-08-05 07:46

Summary

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.

Severity

4.8 (Medium)


                        
                          CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE

CWE-787

Assigner

redhat

References

16 references

URL	Tags
https://access.redhat.com/errata/RHSA-2018:3083	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3753-2/	vendor-advisoryx_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_CONFIRM
https://usn.ubuntu.com/3871-5/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3871-4/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisoryx_refsource_REDHAT
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_CONFIRM
http://patchwork.ozlabs.org/patch/929238/	x_refsource_CONFIRM
http://patchwork.ozlabs.org/patch/929237/	x_refsource_CONFIRM
https://usn.ubuntu.com/3871-1/	vendor-advisoryx_refsource_UBUNTU
https://bugzilla.kernel.org/show_bug.cgi?id=199865	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3096	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3753-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3871-3/	vendor-advisoryx_refsource_UBUNTU

Impacted products

1 product

Vendor	Product	Version
[UNKNOWN]	kernel	Affected: n/a

Date Public

2018-05-28 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:47.494Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:3083",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3083"
          },
          {
            "name": "USN-3753-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3753-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10878"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77260807d1170a8cf35dbb06e07461a655f67eee"
          },
          {
            "name": "USN-3871-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-5/"
          },
          {
            "name": "USN-3871-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-4/"
          },
          {
            "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=819b23f1c501b17b9694325471789e6b5cc2d0d2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://patchwork.ozlabs.org/patch/929238/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://patchwork.ozlabs.org/patch/929237/"
          },
          {
            "name": "USN-3871-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199865"
          },
          {
            "name": "RHSA-2018:3096",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3096"
          },
          {
            "name": "USN-3753-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3753-1/"
          },
          {
            "name": "USN-3871-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-3/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-05-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel\u0027s ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-09T10:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2018:3083",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3083"
        },
        {
          "name": "USN-3753-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3753-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10878"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77260807d1170a8cf35dbb06e07461a655f67eee"
        },
        {
          "name": "USN-3871-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-5/"
        },
        {
          "name": "USN-3871-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-4/"
        },
        {
          "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=819b23f1c501b17b9694325471789e6b5cc2d0d2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://patchwork.ozlabs.org/patch/929238/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://patchwork.ozlabs.org/patch/929237/"
        },
        {
          "name": "USN-3871-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199865"
        },
        {
          "name": "RHSA-2018:3096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3096"
        },
        {
          "name": "USN-3753-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3753-1/"
        },
        {
          "name": "USN-3871-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-3/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10878",
    "datePublished": "2018-07-26T18:00:00.000Z",
    "dateReserved": "2018-05-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:46:47.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10879 (GCVE-0-2018-10879)

Vulnerability from cvelistv5 – Published: 2018-07-26 18:00 – Updated: 2024-08-05 07:46

Summary

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.

Severity

4.2 (Medium)


                        
                          CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-416

Assigner

redhat

References

17 references

URL	Tags
https://access.redhat.com/errata/RHSA-2018:3083	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3753-2/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3871-5/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3871-4/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/104902	vdb-entryx_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
http://patchwork.ozlabs.org/patch/928666/	x_refsource_CONFIRM
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_CONFIRM
https://usn.ubuntu.com/3871-1/	vendor-advisoryx_refsource_UBUNTU
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:3096	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3753-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3871-3/	vendor-advisoryx_refsource_UBUNTU
https://bugzilla.kernel.org/show_bug.cgi?id=200001	x_refsource_CONFIRM
http://patchwork.ozlabs.org/patch/928667/	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
[UNKNOWN]	kernel	Affected: n/a

Date Public

2018-06-08 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:46:46.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:3083",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3083"
          },
          {
            "name": "USN-3753-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3753-2/"
          },
          {
            "name": "USN-3871-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-5/"
          },
          {
            "name": "USN-3871-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-4/"
          },
          {
            "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "name": "104902",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104902"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://patchwork.ozlabs.org/patch/928666/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d"
          },
          {
            "name": "USN-3871-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a"
          },
          {
            "name": "RHSA-2018:3096",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3096"
          },
          {
            "name": "USN-3753-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3753-1/"
          },
          {
            "name": "USN-3871-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-3/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=200001"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://patchwork.ozlabs.org/patch/928667/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel\u0027s ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-09T10:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2018:3083",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3083"
        },
        {
          "name": "USN-3753-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3753-2/"
        },
        {
          "name": "USN-3871-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-5/"
        },
        {
          "name": "USN-3871-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-4/"
        },
        {
          "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "name": "104902",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104902"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://patchwork.ozlabs.org/patch/928666/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d"
        },
        {
          "name": "USN-3871-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a"
        },
        {
          "name": "RHSA-2018:3096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3096"
        },
        {
          "name": "USN-3753-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3753-1/"
        },
        {
          "name": "USN-3871-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-3/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=200001"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://patchwork.ozlabs.org/patch/928667/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10879",
    "datePublished": "2018-07-26T18:00:00.000Z",
    "dateReserved": "2018-05-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:46:46.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10880 (GCVE-0-2018-10880)

Vulnerability from cvelistv5 – Published: 2018-07-25 13:00 – Updated: 2024-08-05 07:54

Summary

Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.

Severity

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-787

Assigner

redhat

References

14 references

URL	Tags
https://usn.ubuntu.com/3821-1/	vendor-advisoryx_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
https://usn.ubuntu.com/3871-5/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3871-4/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3821-2/	vendor-advisoryx_refsource_UBUNTU
http://patchwork.ozlabs.org/patch/930639/	x_refsource_CONFIRM
https://usn.ubuntu.com/3871-1/	vendor-advisoryx_refsource_UBUNTU
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_CONFIRM
https://bugzilla.kernel.org/show_bug.cgi?id=200005	x_refsource_CONFIRM
http://www.securityfocus.com/bid/106503	vdb-entryx_refsource_BID
https://usn.ubuntu.com/3871-3/	vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/104907	vdb-entryx_refsource_BID

Impacted products

1 product

Vendor	Product	Version
[UNKNOWN]	kernel	Affected: n/a

Date Public

2018-06-09 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:34.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3821-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3821-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880"
          },
          {
            "name": "USN-3871-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-5/"
          },
          {
            "name": "USN-3871-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-4/"
          },
          {
            "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "name": "USN-3821-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3821-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://patchwork.ozlabs.org/patch/930639/"
          },
          {
            "name": "USN-3871-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=200005"
          },
          {
            "name": "106503",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106503"
          },
          {
            "name": "USN-3871-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-3/"
          },
          {
            "name": "104907",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104907"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-01T19:06:04.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-3821-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3821-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880"
        },
        {
          "name": "USN-3871-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-5/"
        },
        {
          "name": "USN-3871-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-4/"
        },
        {
          "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "name": "USN-3821-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3821-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://patchwork.ozlabs.org/patch/930639/"
        },
        {
          "name": "USN-3871-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=200005"
        },
        {
          "name": "106503",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106503"
        },
        {
          "name": "USN-3871-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-3/"
        },
        {
          "name": "104907",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104907"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10880",
    "datePublished": "2018-07-25T13:00:00.000Z",
    "dateReserved": "2018-05-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:54:34.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10881 (GCVE-0-2018-10881)

Vulnerability from cvelistv5 – Published: 2018-07-26 18:00 – Updated: 2024-08-05 07:54

Summary

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

Severity

4.2 (Medium)


                        
                          CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-787

Assigner

redhat

References

15 references

URL	Tags
https://usn.ubuntu.com/3752-2/	vendor-advisoryx_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:3083	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3752-3/	vendor-advisoryx_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
http://patchwork.ozlabs.org/patch/929792/	x_refsource_CONFIRM
https://usn.ubuntu.com/3753-2/	vendor-advisoryx_refsource_UBUNTU
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_CONFIRM
http://www.securityfocus.com/bid/104901	vdb-entryx_refsource_BID
https://usn.ubuntu.com/3754-1/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisoryx_refsource_REDHAT
https://bugzilla.kernel.org/show_bug.cgi?id=200015	x_refsource_CONFIRM
https://usn.ubuntu.com/3752-1/	vendor-advisoryx_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:3096	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3753-1/	vendor-advisoryx_refsource_UBUNTU

Impacted products

1 product

Vendor	Product	Version
[UNKNOWN]	kernel	Affected: n/a

Date Public

2018-06-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:34.835Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3752-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3752-2/"
          },
          {
            "name": "RHSA-2018:3083",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3083"
          },
          {
            "name": "USN-3752-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3752-3/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://patchwork.ozlabs.org/patch/929792/"
          },
          {
            "name": "USN-3753-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3753-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b"
          },
          {
            "name": "104901",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104901"
          },
          {
            "name": "USN-3754-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3754-1/"
          },
          {
            "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=200015"
          },
          {
            "name": "USN-3752-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3752-1/"
          },
          {
            "name": "RHSA-2018:3096",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3096"
          },
          {
            "name": "USN-3753-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3753-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel\u0027s ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-3752-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3752-2/"
        },
        {
          "name": "RHSA-2018:3083",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3083"
        },
        {
          "name": "USN-3752-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3752-3/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://patchwork.ozlabs.org/patch/929792/"
        },
        {
          "name": "USN-3753-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3753-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b"
        },
        {
          "name": "104901",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104901"
        },
        {
          "name": "USN-3754-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3754-1/"
        },
        {
          "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=200015"
        },
        {
          "name": "USN-3752-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3752-1/"
        },
        {
          "name": "RHSA-2018:3096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3096"
        },
        {
          "name": "USN-3753-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3753-1/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10881",
    "datePublished": "2018-07-26T18:00:00.000Z",
    "dateReserved": "2018-05-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:54:34.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10882 (GCVE-0-2018-10882)

Vulnerability from cvelistv5 – Published: 2018-07-27 18:00 – Updated: 2024-08-05 07:54

Summary

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.

Severity

4.8 (Medium)


                        
                          CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE

CWE-787

Assigner

redhat

References

12 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_CONFIRM
https://usn.ubuntu.com/3753-2/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3871-5/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3871-4/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisoryx_refsource_REDHAT
https://bugzilla.kernel.org/show_bug.cgi?id=200069	x_refsource_CONFIRM
https://usn.ubuntu.com/3871-1/	vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/106503	vdb-entryx_refsource_BID
https://usn.ubuntu.com/3753-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3871-3/	vendor-advisoryx_refsource_UBUNTU

Impacted products

1 product

Vendor	Product	Version
[UNKNOWN]	kernel	Affected: n/a

Date Public

2018-06-14 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:34.712Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10882"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c37e9e013469521d9adb932d17a1795c139b36db"
          },
          {
            "name": "USN-3753-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3753-2/"
          },
          {
            "name": "USN-3871-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-5/"
          },
          {
            "name": "USN-3871-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-4/"
          },
          {
            "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=200069"
          },
          {
            "name": "USN-3871-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-1/"
          },
          {
            "name": "106503",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106503"
          },
          {
            "name": "USN-3753-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3753-1/"
          },
          {
            "name": "USN-3871-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-3/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel\u0027s ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-09T10:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10882"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c37e9e013469521d9adb932d17a1795c139b36db"
        },
        {
          "name": "USN-3753-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3753-2/"
        },
        {
          "name": "USN-3871-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-5/"
        },
        {
          "name": "USN-3871-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-4/"
        },
        {
          "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=200069"
        },
        {
          "name": "USN-3871-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-1/"
        },
        {
          "name": "106503",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106503"
        },
        {
          "name": "USN-3753-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3753-1/"
        },
        {
          "name": "USN-3871-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-3/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10882",
    "datePublished": "2018-07-27T18:00:00.000Z",
    "dateReserved": "2018-05-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:54:34.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10883 (GCVE-0-2018-10883)

Vulnerability from cvelistv5 – Published: 2018-07-30 15:00 – Updated: 2024-08-05 07:54

Summary

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

Severity

4.8 (Medium)


                        
                          CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE

CWE-787

Assigner

redhat

References

14 references

URL	Tags
https://access.redhat.com/errata/RHSA-2018:3083	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3879-2/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3879-1/	vendor-advisoryx_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_CONFIRM
https://usn.ubuntu.com/3871-5/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3871-4/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisoryx_refsource_REDHAT
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_CONFIRM
https://usn.ubuntu.com/3871-1/	vendor-advisoryx_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2018:3096	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3871-3/	vendor-advisoryx_refsource_UBUNTU
https://support.f5.com/csp/article/K94735334?utm_…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
[UNKNOWN]	kernel	Affected: n/a

Date Public

2018-06-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:34.854Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:3083",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3083"
          },
          {
            "name": "USN-3879-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3879-2/"
          },
          {
            "name": "USN-3879-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3879-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e09463f220ca9a1a1ecfda84fcda658f99a1f12a"
          },
          {
            "name": "USN-3871-5",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-5/"
          },
          {
            "name": "USN-3871-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-4/"
          },
          {
            "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bc1379b82b8e809eef77a9fedbb75c6c297be19"
          },
          {
            "name": "USN-3871-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-1/"
          },
          {
            "name": "RHSA-2018:3096",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3096"
          },
          {
            "name": "USN-3871-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3871-3/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K94735334?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel\u0027s ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-12T09:06:03.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2018:3083",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3083"
        },
        {
          "name": "USN-3879-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3879-2/"
        },
        {
          "name": "USN-3879-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3879-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e09463f220ca9a1a1ecfda84fcda658f99a1f12a"
        },
        {
          "name": "USN-3871-5",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-5/"
        },
        {
          "name": "USN-3871-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-4/"
        },
        {
          "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bc1379b82b8e809eef77a9fedbb75c6c297be19"
        },
        {
          "name": "USN-3871-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-1/"
        },
        {
          "name": "RHSA-2018:3096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3096"
        },
        {
          "name": "USN-3871-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3871-3/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K94735334?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10883",
    "datePublished": "2018-07-30T15:00:00.000Z",
    "dateReserved": "2018-05-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T07:54:34.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-14734 (GCVE-0-2018-14734)

Vulnerability from cvelistv5 – Published: 2018-07-29 16:00 – Updated: 2024-08-05 09:38

Summary

drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).

Severity

No CVSS data available.

CWE

n/a

Assigner

mitre

References

14 references

URL	Tags
http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_MISC
https://usn.ubuntu.com/3797-2/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3847-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3797-1/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://usn.ubuntu.com/3847-2/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3849-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/3849-2/	vendor-advisoryx_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4308	vendor-advisoryx_refsource_DEBIAN
https://github.com/torvalds/linux/commit/cb2595c1…	x_refsource_MISC
https://usn.ubuntu.com/3847-3/	vendor-advisoryx_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2019:0831	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2043	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2029	vendor-advisoryx_refsource_REDHAT

Date Public

2018-07-29 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:38:13.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb2595c1393b4a5211534e6f0a0fbad369e21ad8"
          },
          {
            "name": "USN-3797-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3797-2/"
          },
          {
            "name": "USN-3847-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3847-1/"
          },
          {
            "name": "USN-3797-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3797-1/"
          },
          {
            "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
          },
          {
            "name": "USN-3847-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3847-2/"
          },
          {
            "name": "USN-3849-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3849-1/"
          },
          {
            "name": "USN-3849-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3849-2/"
          },
          {
            "name": "DSA-4308",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4308"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/cb2595c1393b4a5211534e6f0a0fbad369e21ad8"
          },
          {
            "name": "USN-3847-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3847-3/"
          },
          {
            "name": "RHSA-2019:0831",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0831"
          },
          {
            "name": "RHSA-2019:2043",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2043"
          },
          {
            "name": "RHSA-2019:2029",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2029"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-06T16:06:23.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb2595c1393b4a5211534e6f0a0fbad369e21ad8"
        },
        {
          "name": "USN-3797-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3797-2/"
        },
        {
          "name": "USN-3847-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3847-1/"
        },
        {
          "name": "USN-3797-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3797-1/"
        },
        {
          "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
        },
        {
          "name": "USN-3847-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3847-2/"
        },
        {
          "name": "USN-3849-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3849-1/"
        },
        {
          "name": "USN-3849-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3849-2/"
        },
        {
          "name": "DSA-4308",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4308"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/cb2595c1393b4a5211534e6f0a0fbad369e21ad8"
        },
        {
          "name": "USN-3847-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3847-3/"
        },
        {
          "name": "RHSA-2019:0831",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0831"
        },
        {
          "name": "RHSA-2019:2043",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2043"
        },
        {
          "name": "RHSA-2019:2029",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2029"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14734",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb2595c1393b4a5211534e6f0a0fbad369e21ad8",
              "refsource": "MISC",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cb2595c1393b4a5211534e6f0a0fbad369e21ad8"
            },
            {
              "name": "USN-3797-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3797-2/"
            },
            {
              "name": "USN-3847-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3847-1/"
            },
            {
              "name": "USN-3797-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3797-1/"
            },
            {
              "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
            },
            {
              "name": "USN-3847-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3847-2/"
            },
            {
              "name": "USN-3849-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3849-1/"
            },
            {
              "name": "USN-3849-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3849-2/"
            },
            {
              "name": "DSA-4308",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4308"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/cb2595c1393b4a5211534e6f0a0fbad369e21ad8",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/cb2595c1393b4a5211534e6f0a0fbad369e21ad8"
            },
            {
              "name": "USN-3847-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3847-3/"
            },
            {
              "name": "RHSA-2019:0831",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0831"
            },
            {
              "name": "RHSA-2019:2043",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2043"
            },
            {
              "name": "RHSA-2019:2029",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2029"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14734",
    "datePublished": "2018-07-29T16:00:00.000Z",
    "dateReserved": "2018-07-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T09:38:13.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2018-AVI-419

Solution

Tags

Sightings

Nomenclature

Action not permitted

CERTFR-2018-AVI-419

Solution

CVE-2017-18344 (GCVE-0-2017-18344)

CVE-2018-10876 (GCVE-0-2018-10876)

CVE-2018-10877 (GCVE-0-2018-10877)

CVE-2018-10878 (GCVE-0-2018-10878)

CVE-2018-10879 (GCVE-0-2018-10879)

CVE-2018-10880 (GCVE-0-2018-10880)

CVE-2018-10881 (GCVE-0-2018-10881)

CVE-2018-10882 (GCVE-0-2018-10882)

CVE-2018-10883 (GCVE-0-2018-10883)

CVE-2018-14734 (GCVE-0-2018-14734)

Tags

Sightings

Nomenclature