CVE-2018-10881Out-of-bounds Write in Kernel

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer15 documents9 sources
Severity
5.5MEDIUMNVD
CNA4.2
EPSS
0.0%
top 85.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Linux KernelCanonical Ubuntu LinuxDebian Linux+5 more
Timeline
PublishedJul 26
Latest updateMay 13

Description

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel< 4.17.6
Debianlinux/linux_kernel< 4.17.3-1+3

Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04, Enterprise Linux 7.0, 7

Patches

Patch: patchwork.ozlabs.orgPatch: bugzilla.redhat.comPatch: git.kernel.org

🔴Vulnerability Details

4
GHSA
GHSA-68p5-hvhw-rpc8: A flaw was found in the Linux kernel's ext4 filesystem2022-05-13
OSV
CVE-2018-10881: A flaw was found in the Linux kernel's ext4 filesystem2018-07-26
CVEList
CVE-2018-10881: A flaw was found in the Linux kernel's ext4 filesystem2018-07-26
Kernel
ext4: clear i_data in ext4_inode_info when removing inline data2018-06-15

📋Vendor Advisories

8
Ubuntu
Linux kernel (Azure, GCP, OEM) vulnerabilities2018-08-28
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2018-08-24
Ubuntu
Linux kernel vulnerabilities2018-08-24
Ubuntu
Linux kernel vulnerabilities2018-08-24
Ubuntu
Linux kernel (HWE) vulnerabilities2018-08-24

💬Community

2
Bugzilla
CVE-2018-10881 kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image2018-06-29
Bugzilla
CVE-2018-10881 kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image [fedora-all]2018-06-29
CVE-2018-10881 — Out-of-bounds Write in Linux Kernel | cvebase