Denial of service in Linux Kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-1095 CVE-2018-1108 CVE-2018-18690 |
| CWE-ID | CWE-476 CWE-665 CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU12112
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-1095
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists in the ext4_xattr_check_entries function in fs/ext4/xattr.c due to improper validation of xattr sizes, which causes misinterpretation of a size as an error code. A remote attacker can submit a specially crafted ext4 image, trigger NULL pointer dereference and cause the service to crash.
Update to version 4.15.16.
Vulnerable software versionsLinux kernel: 4.15.0 - 4.15.15
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper initialization
EUVDB-ID: #VU12179
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-1108
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the crng_ready() function due to improper initialization. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsLinux kernel: 4.8.0 - 4.16.4
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.8.17:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.96:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.16.4:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU15584
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-18690
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to improper handling of ATTR_REPLACE operations by the xfs_attr_shortform_addname function, as defined in the fs/xfs/libxfs/xfs_attr.c source code file. A local attacker can access the system and execute an application that submits malicious input, trigger corruption of the Extended File System (XFS) and cause the service to crash.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.14.0 rc1 - 4.16.18
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
