PT-2018-1243 · Linux+5 · Linux Kernel+5

Wen Xu · Published 2018-03-29 · Updated 2023-02-12 · CVE-2018-1092

CVSS v2.0: 7.1 High

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions through 4.15.15

Description

The issue is in the `ext4_iget` function in the Linux kernel, which mishandles the case of a root directory with a zero `i_links_count`. A remote attacker can exploit this with a specially crafted ext4 file system image to cause a denial of service, resulting in a NULL pointer dereference and OOPS.

Recommendations

For Linux kernel versions through 4.15.15, update to a version newer than 4.15.15 to resolve the issue.

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1557
ALT-PU-2018-1621
ALT-PU-2018-1622
ALT-PU-2018-1623
ALT-PU-2019-1433
BDU:2018-00716
CESA-2018_3083
CVE-2018-1092
DLA-1369-1
DSA-4187-1
DSA-4188-1
MGASA-2018-0249
MGASA-2018-0264
MGASA-2018-0265
OPENSUSE-SU-2018_1773-1
OPENSUSE-SU-2018_2119-1
RHSA-2018:2948
RHSA-2018:3083
RHSA-2018:3096
RHSA-2018_3083
RHSA-2018_3096
SUSE-SU-2018:1761-1
SUSE-SU-2018:1762-1
SUSE-SU-2018:1816-1
SUSE-SU-2018:1855-1
SUSE-SU-2018:1855-2
SUSE-SU-2018:2092-1
USN-3676-1
USN-3676-2
USN-3677-1
USN-3677-2
USN-3678-1
USN-3678-2
USN-3678-3
USN-3678-4
USN-3754-1

Affected Products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu