CVE-2018-1092
Publication date 1 April 2018
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.
From the Ubuntu Security Team
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
18.04 LTS bionic |
Fixed 4.15.0-23.25
|
|
16.04 LTS xenial |
Fixed 4.4.0-128.154
|
|
14.04 LTS trusty |
Fixed 3.13.0-157.207
|
|
linux-aws | ||
18.04 LTS bionic |
Fixed 4.15.0-1010.10
|
|
16.04 LTS xenial |
Fixed 4.4.0-1061.70
|
|
14.04 LTS trusty |
Fixed 4.4.0-1023.23
|
|
linux-azure | ||
18.04 LTS bionic |
Fixed 4.15.0-1013.13
|
|
16.04 LTS xenial |
Fixed 4.15.0-1013.13~16.04.2
|
|
14.04 LTS trusty |
Not affected
|
|
linux-azure-edge | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.15.0-1013.13
|
|
14.04 LTS trusty | Not in release | |
linux-euclid | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-flo | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-gcp | ||
18.04 LTS bionic |
Fixed 4.15.0-1009.9
|
|
16.04 LTS xenial |
Fixed 4.13.0-1019.23
|
|
14.04 LTS trusty | Not in release | |
linux-gke | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-goldfish | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-grouper | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.13.0-45.50~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-edge | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.13.0-45.50~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-kvm | ||
18.04 LTS bionic |
Fixed 4.15.0-1011.11
|
|
16.04 LTS xenial |
Fixed 4.4.0-1027.32
|
|
14.04 LTS trusty | Not in release | |
linux-lts-trusty | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-utopic | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-vivid | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-wily | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-xenial | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 4.4.0-128.154~14.04.1
|
|
linux-maguro | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mako | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-manta | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem | ||
18.04 LTS bionic |
Fixed 4.15.0-1008.11
|
|
16.04 LTS xenial |
Fixed 4.13.0-1030.33
|
|
14.04 LTS trusty | Not in release | |
linux-raspi2 | ||
18.04 LTS bionic |
Fixed 4.15.0-1012.13
|
|
16.04 LTS xenial |
Fixed 4.4.0-1091.99
|
|
14.04 LTS trusty | Not in release | |
linux-snapdragon | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.4.0-1094.99
|
|
14.04 LTS trusty | Not in release |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 · Medium |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3676-1
- Linux kernel vulnerabilities
- 11 June 2018
- USN-3676-2
- Linux kernel (Xenial HWE) vulnerabilities
- 11 June 2018
- USN-3678-4
- Linux kernel (Raspberry Pi 2) vulnerabilities
- 15 June 2018
- USN-3678-3
- Linux kernel (Azure) vulnerabilities
- 12 June 2018
- USN-3678-1
- Linux kernel vulnerabilities
- 12 June 2018
- USN-3677-1
- Linux kernel vulnerabilities
- 11 June 2018
- USN-3678-2
- Linux kernel (Azure) vulnerabilities
- 12 June 2018
- USN-3677-2
- Linux kernel (HWE) vulnerabilities
- 12 June 2018
- USN-3754-1
- Linux kernel vulnerabilities
- 24 August 2018