PT-2018-10555 · Linux+2 · Linux Kernel+2

Jann Horn

Publicado

2018-05-24

Atualizado

2019-03-15

CVE-2018-11412

CVSS v3.1

5.9

Média

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions 4.13 through 4.16.11

Description The issue arises in the Linux kernel when the ext4 read inline data() function in fs/ext4/inline.c performs a memcpy operation with an untrusted length value. This occurs under specific circumstances involving a crafted filesystem where the system.data extended attribute value is stored in a dedicated inode.

Recommendations For Linux kernel versions 4.13 through 4.16.11, consider updating to a version that contains a fix for this issue to prevent potential exploitation.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2018-1817

ALT-PU-2018-1943

ALT-PU-2019-1433

CVE-2018-11412

MGASA-2018-0324

MGASA-2018-0340

MGASA-2018-0341

RHSA-2019:0525

USN-3752-1

USN-3752-2

USN-3752-3

Produtos afetados

Alt Linux

Linux Kernel

Ubuntu

PT-2018-10555 · Linux+2 · Linux Kernel+2

CVE-2018-11412

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 68