Amazon Linux 2 : kernel (ALAS-2018-1051)

An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfsattrleaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfsdashrinkinode is called with a NULL bp. This can lead to a system crash and a denial of service.CVE-2018-13094 An issue was...

Amazon Linux AMI : kernel (ALAS-2018-1048)

An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfsattrleaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfsdashrinkinode is called with a NULL bp. This can lead to a system crash and a denial of service.CVE-2018-13094 An issue was...

Critical: kernel

Issue Overview: A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a...

CVE-2018-14615

An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncateinlineinode in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative...

DEBIAN-CVE-2018-14615

An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncateinlineinode in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative...

CVE-2018-14615

An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncateinlineinode in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative...

Linux kernel buffer overflow vulnerability (CNVD-2018-14219)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A buffer overflow vulnerability exists in the 'truncateinlineinode' function in the fs/f2fs/inline.c file in Linux kernel versions 4.17.10 and earlier, which stems fro...

CVE-2018-14615

An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncateinlineinode in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative...

UBUNTU-CVE-2018-14615

An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncateinlineinode in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative...

Updated kernel packages fixes security vulnerabilities

This kernel update is based on the upstream 4.14.56 and fixes at least the following security issues: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptio...

Linux kernel design vulnerability

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability in the 'inodeinitowner' function of the fs/inode.c file in Linux kernel versions 4.17.4 and earlier allows local users to create files with...

DEBIAN-CVE-2018-13405

The inodeinitowner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigge...

Design/Logic Flaw

The inodeinitowner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigge...

UBUNTU-CVE-2018-13405

The inodeinitowner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigge...

CVE-2018-13095

An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfsinodebuf.c in the Linux kernel. A denial of service due to the NULL pointer dereference can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork...

DEBIAN-CVE-2018-13099

An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service out-of-bounds memory access and BUG can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr...

Design/Logic Flaw

An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service slab out-of-bounds read and BUG can occur for a modified f2fs filesystem image in which FIEXTRAATTR is set in an inode...

Null pointer dereference

An issue was discovered in fs/xfs/xfsicache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookupslow on a NULL inode-iops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free...

CVE-2018-13095

An issue was discovered in fs/xfs/libxfs/xfsinodebuf.c in the Linux kernel through 4.17.3. A denial of service memory corruption and BUG can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork...

UBUNTU-CVE-2018-13095

An issue was discovered in fs/xfs/libxfs/xfsinodebuf.c in the Linux kernel through 4.17.3. A denial of service memory corruption and BUG can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork...