Denial of service in Linux Kernel
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2018-13097 CVE-2018-13096 CVE-2018-13093 CVE-2018-13094 CVE-2018-13095 |
| CWE-ID | CWE-369 CWE-125 CWE-476 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #4 is available. |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Divide by zero
EUVDB-ID: #VU13844
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-13097
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists in the user_block_count() function in the Flash-Friendly File System (F2FS) component, as defined in the source code file fs/f2fs/super.c due to boundary error when mounting F2FS filesystems. A local attacker can access the system and mount an F2FS filesystem that submits malicious input, trigger divide-by-zero memory error and cause the affected software to terminate abnormally.
MitigationCybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versionsLinux kernel: 4.15.0 rc4 - 4.17.3
CPE2.3 External linkshttps://bugzilla.kernel.org/show_bug.cgi?id=200171
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU13845
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-13096
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists in the build_sit_info() function in the Flash-Friendly File System (F2FS) component, as defined in the source code file fs/f2fs/super.c due to boundary error when mounting F2FS filesystems. A local attacker can access the system and mount an F2FS filesystem that submits malicious input in an abnormal bitmap size, trigger out-of-bounds memory read and cause the affected software to terminate abnormally.
MitigationCybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versionsLinux kernel: 4.15.0 rc4 - 4.17.3
CPE2.3https://bugzilla.kernel.org/show_bug.cgi?id=200167
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Null pointer dereference
EUVDB-ID: #VU13853
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-13093
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists in the lookup_slow() function in the Extended File System (XFS) component, as defined in the source code file fs/xfs/xfs_icache.c due to boundary error when mounting XFS filesystems. A local attacker can mount an XFS filesystem that submits malicious input, trigger NULL pointer dereference memory error and cause the affected software to terminate abnormally.
MitigationCybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versionsLinux kernel: 4.15.0 rc4 - 4.17.3
CPE2.3https://bugzilla.kernel.org/show_bug.cgi?id=199367
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Null pointer dereference
EUVDB-ID: #VU13852
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-13094
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to NULL pointer dereference in the fs/xfs/libxfs/xfs_attr_leaf.c source code file in the Extended File System (XFS) component when the xfs_da_shrink_inode() function is called with a NULL byte pointer. A local attacker can mount and perform operations on a crafted XFS image, trigger a NULL pointer dereference condition in the xfs_trans_binval() function and cause the service to crash.
MitigationCybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versionsLinux kernel: 4.15.0 rc4 - 4.17.3
CPE2.3https://bugzilla.kernel.org/show_bug.cgi?id=199969
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Null pointer dereference
EUVDB-ID: #VU13851
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-13095
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists in the xfs_bmap_extents_to_btree() function in the Extended File System (XFS) component, as defined in the source code file fs/xfs/libxfs/xfs_inode_buf.c due to boundary error when mounting XFS filesystems. A local attacker can access the system, mount an XFS filesystem that submits malicious input, trigger a NULL pointer dereference memory error and cause the affected software to terminate abnormally.
MitigationCybersecurity Help is currently unaware of any solutions addressing the vulnerability.
Vulnerable software versionsLinux kernel: 4.15.0 rc4 - 4.17.3
CPE2.3https://bugzilla.kernel.org/show_bug.cgi?id=199915
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
