PT-2018-11064 · Linux+3 · Linux Kernel+3

Shankara Pailoor

Publicado

2018-06-12

Atualizado

2024-02-09

CVE-2018-12233

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.17.1

Description A memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This issue can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs xattr.

Recommendations For Linux kernel versions through 4.17.1, as a temporary workaround, consider restricting access to the setxattr function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2018-1971

ALT-PU-2018-1976

ALT-PU-2019-1433

CVE-2018-12233

DLA-1422-1

DLA-1422-2

DLA-1423-1

OPENSUSE-SU-2018_1773-1

OPENSUSE-SU-2018_2119-1

SUSE-SU-2018:1772-1

SUSE-SU-2018:1816-1

SUSE-SU-2018:2092-1

SUSE-SU-2018:2332-1

SUSE-SU-2018:2366-1

SUSE-SU-2018:2637-1

USN-3752-1

USN-3752-2

USN-3752-3

USN-3753-1

USN-3753-2

USN-3754-1

Produtos afetados

Alt Linux

Linux Kernel

Suse

Ubuntu

PT-2018-11064 · Linux+3 · Linux Kernel+3

CVE-2018-12233

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 528