Lucene search

K
ubuntucveUbuntu.comUB:CVE-2018-1094
HistoryApr 01, 2018 - 12:00 a.m.

CVE-2018-1094

2018-04-0100:00:00
ubuntu.com
ubuntu.com
27

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

58.4%

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through
4.15.15 does not always initialize the crc32c checksum driver, which allows
attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer
dereference and system crash) via a crafted ext4 image.

Bugs

Notes

Author Note
tyhicks When backporting a45403b, note this upstream bug comment: https://bugzilla.kernel.org/show_bug.cgi?id=199183#c7
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-24.26UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1011.11UNKNOWN
ubuntu18.04noarchlinux-azure< 4.15.0-1014.14UNKNOWN
ubuntu16.04noarchlinux-azure< 4.15.0-1014.14~16.04.1UNKNOWN
ubuntu18.04noarchlinux-azure-edge< 4.15.0-1014.14UNKNOWN
ubuntu16.04noarchlinux-azure-edge< 4.15.0-1014.14~16.04.1UNKNOWN
ubuntu18.04noarchlinux-gcp< 4.15.0-1010.10UNKNOWN
ubuntu16.04noarchlinux-gcp< 4.15.0-1014.14~16.04.1UNKNOWN
ubuntu16.04noarchlinux-hwe< 4.15.0-24.26~16.04.1UNKNOWN
ubuntu16.04noarchlinux-hwe-edge< 4.15.0-24.26~16.04.1UNKNOWN
Rows per page:
1-10 of 131

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

58.4%