8 matches found
CVE-2018-13053
CVE-2018-13053 affects the Linux kernel alarm_timer_nsleep path (kernel/time/alarmtimer.c) through 4.17.3, due to an integer overflow when handling large relative timeouts because ktime_add_safe is not used. This is confirmed by multiple connected advisories (e.g., F5 security advisory summarizin...
CVE-2018-13095
CVE-2018-13095 affects the Linux kernel up to 4.17.3 in fs/xfs/libxfs/xfs_inode_buf.c. A corrupted XFS image with an inode in extent format that has more extents than fit in the inode fork can trigger memory corruption and a bug (DoS). The connected advisories (Unity Linux, various Nessus plugins...
CVE-2018-13093
CVE-2018-13093 relates to a NULL pointer dereference in Linux kernel fs/xfs/xfs_icache.c during pathwalks on a corrupted XFS image, caused by missing validation that cached inodes are freed during allocation. Impact: potential crash/DoS. Remediation: Debian LTS advisory DLA-2114-1 lists this CVE ...
CVE-2018-13094
CVE-2018-13094 affects the Linux kernel’s XFS code: a NULL bp passed to xfs_da_shrink_inode() can trigger an OOPS in fs/xfs/libxfs/xfs_attr_leaf.c for images up to kernel 4.17.3. Public docs confirm the underlying issue is a NULL pointer dereference that can cause a crash; Debian/CentOS/Red Hat a...
CVE-2018-12896
CVE-2018-12896 affects the Linux kernel up to version 4.17.3, specifically the POSIX timers path (kernel/time/posix-timers.c). An integer overflow in the overrun accounting is caused by the timer overrun values being computed with int-based accounting, which can exceed INT_MAX depending on interv...
CVE-2018-13097
The CVE-2018-13097 entry affects the Linux kernel, specifically the f2fs filesystem code in fs/f2fs/super.c up to version 4.17.3. The vulnerability is an out-of-bounds read or divide-by-zero caused by an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service. Connect...
CVE-2018-13100
CVE-2018-13100 concerns the Linux kernel, specifically fs/f2fs/super.c up to version 4.17.3, where improper validation of secs_per_zone in a corrupted f2fs image can trigger a divide-by-zero error. The connected advisories confirm the issue and reproduce conditions but do not provide a patch vers...
CVE-2018-13098
CVE-2018-13098 applies to the Linux kernel’s F2FS implementation, specifically fs/f2fs/inode.c up to version 4.17.3. The issue is a denial-of-service condition caused by a slab out-of-bounds read and a BUG when FI_EXTRA_ATTR is set in an inode of a modified F2FS image. Connected Nessus advisories...