Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 29 Mar 2018 03:56:09 -0400 (EDT)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: a number of CVEs for issues in the filesystem's code in the Linux
 kernel

Hello,

A number of CVEs were assigned to recently found issues in the filesystem's code in the Linux kernel:

====

CVE-2018-1092 kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image

The Linux kernel through version 4.15 is vulnerable to a NULL pointer dereference
in the ext4/mballoc.c:ext4_process_freed_data() function. An attacker with
privileged access could exploit this by mounting a crafted ext4 image to cause a kernel panic.

References:
https://bugzilla.kernel.org/show_bug.cgi?id=199179
https://bugzilla.redhat.com/show_bug.cgi?id=1560777

=====

CVE-2018-1093 kernel: Out of bounds read in ext4/balloc.c:ext4_valid_block_bitmap() causes crash with crafted ext4 image

The Linux kernel through version 4.15 is vulnerable to an out-of-bounds
read in ext4/balloc.c:ext4_valid_block_bitmap() function. An privileged
attacker could exploit this by mounting a crafted ext4 image to cause a crash.

References:
https://bugzilla.kernel.org/show_bug.cgi?id=199181
https://bugzilla.redhat.com/show_bug.cgi?id=1560782

=====

CVE-2018-1094 kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image

The Linux kernel through version 4.15 is vulnerable to a NULL pointer dereference
in the ext4/xattr.c:ext4_xattr_inode_hash() function. A privileged attacker could
exploit this to cause a NULL pointer dereference with a crafted ext4 image.

References:
https://bugzilla.kernel.org/show_bug.cgi?id=199183
https://bugzilla.redhat.com/show_bug.cgi?id=1560788

=====

CVE-2018-1095 kernel: NULL pointer dereference in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image

The Linux kernel through version 4.15 is vulnerable to a NULL pointer
dereference in the  fs/posix_acl.c:get_acl()function. A privileged attacker
could exploit this to cause a NULL pointer dereference with a crafted ext4
image.

References:

https://bugzilla.kernel.org/show_bug.cgi?id=199185
https://bugzilla.redhat.com/show_bug.cgi?id=1560793

=====

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ