PT-2018-2685 · Linux+5 · Linux Kernel+5

Kanda Motohiro

Publicado

2018-04-17

Atualizado

2019-10-03

CVE-2018-18690

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.17

Description The issue is related to the xfs attr shortform addname function in the XFS filesystem implementation, which mishandles ATTR REPLACE operations when converting an attribute from short to long form. This can be exploited by a local attacker who can set attributes on an xfs filesystem, potentially making the filesystem non-operational until the next mount. The exploitation of this issue may allow an attacker to cause a denial of service.

Recommendations For Linux kernel versions prior to 4.17, consider updating to version 4.17 or later to resolve the issue. As a temporary workaround, restrict access to setting attributes on xfs filesystems to minimize the risk of exploitation.

Exploit

Correção

Improper Check for Exceptional Conditions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-19CWE-754

Identificadores relacionados

ALT-PU-2018-1971

ALT-PU-2018-1976

ALT-PU-2019-1433

BDU:2019-01345

CESA-2018_3083

CVE-2018-18690

DLA-1715-1

DLA-1731-1

DLA-1731-2

OPENSUSE-SU-2018_3817-1

RHSA-2018:3083

RHSA-2018:3096

RHSA-2018_3083

RHSA-2018_3096

SUSE-SU-2018:3688-1

SUSE-SU-2018:3689-1

SUSE-SU-2018:3773-1

SUSE-SU-2019:0095-1

SUSE-SU-2019:0439-1

SUSE-SU-2019:1289-1

USN-3847-1

USN-3847-2

USN-3847-3

USN-3848-1

USN-3848-2

USN-3849-1

USN-3849-2

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2018-2685 · Linux+5 · Linux Kernel+5

CVE-2018-18690

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 330