3437 matches found

NVD
added 2018/05/24 6:29 p.m. | 23 views

CVE-2018-11412

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...

CVSS: 5.9 | AI score: 5.4 | EPSS: 0.16352
Exploits: 4 | References: 8

OSV
added 2018/05/24 6:29 p.m. | 2 views

DEBIAN-CVE-2018-11412

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...

CVSS: 5.9 | AI score: 7.4 | EPSS: 0.16352
Exploits: 4 | References: 1

Cvelist
added 2018/05/24 6:0 p.m. | 19 views

CVE-2018-11412

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...

AI score: 6 | EPSS: 0.16352
Exploits: 4 | References: 8

Debian CVE
added 2018/05/24 6:0 p.m. | 22 views

CVE-2018-11412

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...

CVSS: 5.9 | AI score: 6.4 | EPSS: 0.16352
Exploits: 4

Packet Storm
added 2018/05/24 12:0 a.m. | 33 views

Linux Ext4 Out-Of-Bounds Memcpy

Linux ext4: out-of-bounds memcpy via non-inline system.data xattr. ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the i_block...

AI score: 7.4
Exploits: 0

OSV
added 2018/05/24 12:0 a.m. | 2 views

UBUNTU-CVE-2018-11412

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...

CVSS: 5.9 | AI score: 6.8 | EPSS: 0.16352
Exploits: 4 | References: 7

Virtuozzo
added 2018/04/28 12:0 a.m. | 68 views

Kernel update: new kernel 3.10.0-693.21.1.vz7.46.7, Virtuozzo 7.0 Update 7 Hotfix 2 (7.0.7-453)

The Hotfix 2 for Virtuozzo 7.0 Update 7 provides a new kernel 3.10.0-693.21.1.vz7.46.7 that introduces stability and usability bug fixes. In addition, this kernel was recompiled by the updated gcc with retpolines support. Retpolines are a technique used by the kernel to reduce overhead of...

CVSS: 5.6 | AI score: 6.5 | EPSS: 0.74041
Exploits: 8

Oracle linux
added 2018/04/26 12:0 a.m. | 54 views

Unbreakable Enterprise kernel security update

4.1.12-124.14.2 - scsi: iscsi_tcp: set BDI_CAP_STABLE_WRITES when data digest enabled Jianchao Wang Orabug: 27726302 - block: fix bio_will_gap for first bvec with offset Ming Lei Orabug: 27775588 - block: relax check on sg gap Ming Lei Orabug: 27775588 - block: don't optimize for non-cloned bio in...

CVSS: 7.2 | AI score: 1.1 | EPSS: 0.01999
Exploits: 0

CVE
added 2018/04/24 6:0 a.m. | 326 views

CVE-2018-10322

CVE-2018-10322 affects the Linux kernel (up to 4.16.3) via the XFS inode verification path: xfs_dinode_verify in fs/xfs/libxfs/xfs_inode_buf.c can trigger an xfs_ilock_attr_map_shared invalid pointer dereference, allowing a local attacker to cause a denial of service. Exploitation status is not d...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00509
Exploits: 1 | References: 8 | Affected Software: 1

OSV
added 2018/04/02 3:29 a.m. | 1 views

DEBIAN-CVE-2018-1092

The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image...

CVSS: 5.5 | AI score: 7 | EPSS: 0.01999
Exploits: 0 | References: 1

Prion
added 2018/04/02 3:29 a.m. | 27 views

Null pointer dereference

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image...

CVSS: 7.1 | AI score: 5.6 | EPSS: 0.02128
Exploits: 1 | References: 10 | Affected Software: 5

Positive Technologies
added 2018/03/29 12:0 a.m. | 9 views

PT-2018-1241 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 4.15.15 Description: The issue is related to the ext4 fill super function in the Linux kernel, which does not always initialize the crc32c checksum driver. This allows attackers to cause a denial of service via a...

CVSS: 10 | AI score: 7.2 | EPSS: 0.93838
Exploits: 104 | References: 897

Tenable Nessus
added 2017/11/01 12:0 a.m. | 44 views

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3470-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3470-1 advisory. Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build function in the Linux kernel. A local attacker could use this to cause a denial of...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.13378
Exploits: 11 | References: 8

OSV
added 2017/10/31 10:29 a.m. | 2 views

USN-3469-2 linux-lts-xenial vulnerabilities

USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Anthony Perard discovered that the Xen virtual block driver did not properly initializ...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.01155
Exploits: 4 | References: 13

Ubuntu
added 2017/10/31 9:20 a.m. | 107 views

USN-3468-3: Linux kernel (GCP) vulnerabilities

It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash). (CVE-2017-1000252) It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.03631
Exploits: 8

OSV
added 2017/10/31 9:13 a.m. | 8 views

USN-3468-2 linux-hwe vulnerabilities

USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.03631
Exploits: 8 | References: 6

RedHat Linux
added 2017/10/19 1:24 p.m. | 4 views

kernel: xfs: unprivileged user kernel oops

A flaw was found where the XFS filesystem code mishandles a user-settable inode flag in the Linux kernel prior to 4.14-rc1. This can cause a local denial of service via a kernel panic...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00418
Exploits: 0 | References: 5

Tenable Nessus
added 2017/10/09 12:0 a.m. | 36 views

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20171006)

Security Fixes : - Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00547
Exploits: 0 | References: 2

Oracle linux
added 2017/10/06 12:0 a.m. | 313 views

kernel security and bug fix update

2.6.32-696.13.2.OL6 - Update genkey bug 25599697 2.6.32-696.13.2 - net l2cap: prevent stack overflow on incoming bluetooth packet Neil Horman 1490060 1490062 CVE-2017-1000251 - fs binfmt_elf.c:load_elf_binary: return -EINVAL on zero-length mappings Petr Matousek 1492959 1492961 CVE-2017-1000253 - fs...

CVSS: 8 | AI score: 1.6 | EPSS: 0.16181
Exploits: 17

CNVD
added 2017/09/18 12:0 a.m. | 1 views

Linux kernel XFS_IS_REALTIME_INODE Macro Denial of Service Vulnerability

Linux kernel is an open source operating system. A security vulnerability in the XFS_IS_REALTIME_INODE macro in the Linux kernel fs/xfs/xfs_linux.h file allows local attackers to exploit the vulnerability by submitting a special request for a denial of service attack...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00418
Exploits: 0 | References: 1