SB2018040412 - Denial of service in Linux Kernel
Published: April 4, 2018 Updated: October 11, 2021
Security Bulletin ID
SB2018040412
Severity
Low
Patch available
YES
Number of vulnerabilities
5
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2018-1092)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to improper processing of a customized ext4 image when using the ext4_iget function, as defined in the fs/ext4/inode.c source code file. A local attacker can mount a customized ext4 image, trigger NULL pointer dereference and an Out-of-Process Space (OOPS) kernel memory error and cause the service to crash.
2) Integer overflow (CVE-ID: CVE-2017-18255)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to improper validation of the input value from userspace when using the perf_cpu_time_max_percent_handler function, as defined in the kernel/events/core.c source code file. A local attacker can send specially crafted input that contains large values, trigger integer overflow and cause the service to crash.
3) NULL pointer dereference (CVE-ID: CVE-2018-1094)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to improper initialization of the crc32c checksum driver when using the ext4_fill_super function, as defined in the fs/ext4/super.c source code file. A local attacker can mount a customized ext4 image, trigger NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function and cause the service to crash.
4) NULL pointer dereference (CVE-ID: CVE-2018-1095)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to improper validation of xattr sizes when using the ext4_xattr_check_entries function, as defined in the fs/ext4/super.c source code file. A local attacker can mount a malicious ext4 image, trigger NULL pointer dereference in the fs/posix_acl.c:get_acl() function and cause the service to crash.
5) Out-of-bounds read (CVE-ID: CVE-2018-1093)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to improper validation of bitmap block numbers by the balloc.c and ialloc.c source codes. A local attacker can mount a customized ext4 image, trigger out-of-bounds read in the ext4/balloc.c:ext4_valid_block_bitmap() function ans cause the service to crash.
Remediation
Install update from vendor's website.
References
- https://bugzilla.kernel.org/show_bug.cgi?id=199179
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d957009...
- https://bugzilla.kernel.org/show_bug.cgi?id=199183
- https://bugzilla.kernel.org/show_bug.cgi?id=199185
- https://bugzilla.kernel.org/show_bug.cgi?id=199181