CVE-2018-10323 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference16 documents7 sources

Severity

5.5MEDIUMNVD

OSV4.3

EPSS

0.1%

top 75.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Canonical Ubuntu Linux +1 more

Timeline

PublishedApr 24

Latest updateMay 13

Description

The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶Debianlinux/linux_kernel< 4.16.5-1+3

▶Ubuntulinux/linux_kernel< 3.13.0-157.207+1

▶NVDlinux/linux_kernel4.16.3

▶debiandebian/linux< linux 4.16.5-1 (bookworm)

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04, 18.04

Patches

Patch: www.spinics.net ↗Patch: www.spinics.net ↗

🔴Vulnerability Details

GHSA

GHSA-jmph-q368-7ww2: The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap↗2022-05-13

▶

OSV

linux-azure, linux-oem, linux-gcp vulnerabilities↗2018-08-28

▶

OSV

linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities↗2018-08-24

▶

OSV

linux vulnerabilities↗2018-08-24

▶

OSV

linux-hwe vulnerabilities↗2018-08-24

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerability↗2020-09-02

▶

Ubuntu

Linux kernel (Azure, GCP, OEM) vulnerabilities↗2018-08-28

▶

Ubuntu

Linux kernel vulnerabilities↗2018-08-24

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2018-08-24

▶

Ubuntu

Linux kernel vulnerabilities↗2018-08-24

▶

💬Community

Bugzilla

CVE-2018-10323 kernel: Invalid pointer dereference in xfs_bmapi_write() when mounting and operating on crafted xfs image allows denial of service↗2018-04-25

▶

Bugzilla

CVE-2018-10323 kernel: Invalid pointer dereference in xfs_bmapi_write() when mounting and operating on crafted xfs image allows denial of service [fedora-all]↗2018-04-25

▶