PT-2018-2685 · Linux+5 · Linux Kernel+5

Kanda Motohiro

Published

2018-04-17

Updated

2019-10-03

CVE-2018-18690

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.17

Description The issue is related to the xfs attr shortform addname function in the XFS filesystem implementation, which mishandles ATTR REPLACE operations when converting an attribute from short to long form. This can be exploited by a local attacker who can set attributes on an xfs filesystem, potentially making the filesystem non-operational until the next mount. The exploitation of this issue may allow an attacker to cause a denial of service.

Recommendations For Linux kernel versions prior to 4.17, consider updating to version 4.17 or later to resolve the issue. As a temporary workaround, restrict access to setting attributes on xfs filesystems to minimize the risk of exploitation.

Exploit

Fix

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-19CWE-754

Related Identifiers

ALT-PU-2018-1971

ALT-PU-2018-1976

ALT-PU-2019-1433

BDU:2019-01345

CESA-2018_3083

CVE-2018-18690

DLA-1715-1

DLA-1731-1

DLA-1731-2

OPENSUSE-SU-2018_3817-1

RHSA-2018:3083

RHSA-2018:3096

RHSA-2018_3083

RHSA-2018_3096

SUSE-SU-2018:3688-1

SUSE-SU-2018:3689-1

SUSE-SU-2018:3773-1

SUSE-SU-2019:0095-1

SUSE-SU-2019:0439-1

SUSE-SU-2019:1289-1

USN-3847-1

USN-3847-2

USN-3847-3

USN-3848-1

USN-3848-2

USN-3849-1

USN-3849-2

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2018-2685 · Linux+5 · Linux Kernel+5

CVE-2018-18690

Weakness Enumeration

Related Identifiers

Affected Products

References · 330