Fedora 28 update for kernel



Updated: 2025-04-24
Risk: Low
Patch available: YES
Number of vulnerabilities: 7
CVE-ID: CVE-2018-13053, CVE-2018-12896, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-13405, CVE-2018-13406
CWE-ID: CWE-190, CWE-476, CWE-264
Exploitation vector: Local
Public exploit: Public exploit code for vulnerability #4 is available.

Vulnerable software

Fedora (Operating systems & Components / Operating system)
kernel (Operating systems & Components / Operating system package or component)

Vendor: Fedoraproject

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU19997

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-13053

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in kernel/time/alarmtimer.c within the alarm_timer_nsleep function. Because ktime_add_safe is not used, a local user can trigger an integer overflow and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

kernel: before 4.17.5-200.fc28

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-50075276e8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU92788

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-12896

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.
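The two arithmetic failures described in items 1 and 2, as an added user-space illustration (not kernel source and not part of the original bulletin). `add_saturating` is modelled on the clamp-instead-of-wrap behaviour of ktime_add_safe, and `overrun_clamped` shows one way to bound a 64-bit overrun count to int; all function names and sample values are constructed for this example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked add: wraps past INT64_MAX (done in unsigned so the demo has no UB). */
static int64_t add_unchecked(int64_t lhs, int64_t rhs)
{
    return (int64_t)((uint64_t)lhs + (uint64_t)rhs);
}

/* Saturating add for non-negative time values: clamp instead of wrapping. */
static int64_t add_saturating(int64_t lhs, int64_t rhs)
{
    int64_t res = add_unchecked(lhs, rhs);
    return (res < 0 || res < lhs || res < rhs) ? INT64_MAX : res;
}

/* Timer periods missed between expiry and now, kept in 64 bits. */
static int64_t overrun64(int64_t now_ns, int64_t expiry_ns, int64_t interval_ns)
{
    if (interval_ns <= 0 || now_ns < expiry_ns)
        return 0;
    return (now_ns - expiry_ns) / interval_ns;
}

/* int-based accounting: the upper 32 bits are silently dropped. */
static int overrun_truncated(int64_t overrun)
{
    return (int)(uint32_t)overrun;
}

/* Bounded accounting: report INT_MAX when the count does not fit in int. */
static int overrun_clamped(int64_t overrun)
{
    return overrun > INT_MAX ? INT_MAX : (int)overrun;
}

int main(void)
{
    /* Constructed sample: 1 ns interval, timer expired 10 s ago. */
    int64_t missed = overrun64(10000000000LL, 0, 1);
    printf("missed=%lld truncated=%d clamped=%d\n",
           (long long)missed, overrun_truncated(missed), overrun_clamped(missed));
    printf("unchecked=%lld saturating=%lld\n",
           (long long)add_unchecked(INT64_MAX - 5, 10),
           (long long)add_saturating(INT64_MAX - 5, 10));
    return 0;
}
```

The truncated value looks like a plausible overrun count, which is why user space cannot tell it from a correct one.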

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

kernel: before 4.17.5-200.fc28

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-50075276e8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Null pointer dereference

EUVDB-ID: #VU13853

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-13093

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists in the lookup_slow() function in the Extended File System (XFS) component, as defined in the source code file fs/xfs/xfs_icache.c, due to a boundary error when mounting XFS filesystems. A local attacker can mount an XFS filesystem that submits malicious input, trigger a NULL pointer dereference memory error and cause the affected software to terminate abnormally.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

kernel: before 4.17.5-200.fc28

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-50075276e8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Null pointer dereference

EUVDB-ID: #VU13852

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-13094

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists due to a NULL pointer dereference in the fs/xfs/libxfs/xfs_attr_leaf.c source code file in the Extended File System (XFS) component when the xfs_da_shrink_inode() function is called with a NULL byte pointer. A local attacker can mount and perform operations on a crafted XFS image, trigger a NULL pointer dereference condition in the xfs_trans_binval() function and cause the service to crash.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

kernel: before 4.17.5-200.fc28

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-50075276e8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Null pointer dereference

EUVDB-ID: #VU13851

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-13095

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists in the xfs_bmap_extents_to_btree() function in the Extended File System (XFS) component, as defined in the source code file fs/xfs/libxfs/xfs_inode_buf.c, due to a boundary error when mounting XFS filesystems. A local attacker can access the system, mount an XFS filesystem that submits malicious input, trigger a NULL pointer dereference memory error and cause the affected software to terminate abnormally.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

kernel: before 4.17.5-200.fc28

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-50075276e8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Security restrictions bypass

EUVDB-ID: #VU13631

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-13405

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to create arbitrary files on the target system.

The vulnerability exists because the inode_init_owner function, as defined in the fs/inode.c source code file, allows the creation of arbitrary files in set-group identification (SGID) directories. A local attacker can create arbitrary files with unintended group ownership.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

kernel: before 4.17.5-200.fc28

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-50075276e8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Integer overflow

EUVDB-ID: #VU13630

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-13406

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists due to an integer overflow in the uvesafb_setcmap function, as defined in the drivers/video/fbdev/uvesafb.c source code file. A local attacker can execute a file or program that submits malicious input, trigger memory corruption and cause the affected software to crash.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Fedora: 28

kernel: before 4.17.5-200.fc28

External links

https://bodhi.fedoraproject.org/updates/FEDORA-2018-50075276e8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
