Lucene search

PRIOn knowledge basePRION:CVE-2018-13099

HistoryJul 03, 2018 - 10:29 a.m.

Out-of-bounds

2018-07-0310:29:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

44.1%

JSON

An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.

CPENameOperatorVersion
ubuntu_linuxeq18.04
ubuntu_linuxeq14.04
ubuntu_linuxeq16.04
debian_linuxeq8.0
debian_linuxeq9.0
linux_kernelle4.4
leapeq42.3

Name	Operator	Version
ubuntu_linux	eq	18.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	16.04
debian_linux	eq	8.0
debian_linux	eq	9.0
linux_kernel	le	4.4
leap	eq	42.3

References

lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html

packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

www.securityfocus.com/bid/104680

bugzilla.kernel.org/show_bug.cgi?id=200179

git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=3bfe2049c222b23342ff2a216cd5a869e8a14897

git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4dbe38dc386910c668c75ae616b99b823b59f3eb

lists.debian.org/debian-lts-announce/2018/10/msg00003.html

seclists.org/bugtraq/2018/Oct/4

seclists.org/bugtraq/2019/Jan/52

sourceforge.net/p/linux-f2fs/mailman/message/36356878/

usn.ubuntu.com/3932-1/

usn.ubuntu.com/3932-2/

usn.ubuntu.com/4094-1/

usn.ubuntu.com/4118-1/

www.debian.org/security/2018/dsa-4308

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

44.1%

JSON

Related for PRION:CVE-2018-13099