CVE-2018-1094NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference17 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 48.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux KernelDebian LinuxCanonical Ubuntu Linux+3 more
Timeline
PublishedApr 2
Latest updateMay 13

Description

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

Debianlinux/linux_kernel< 4.15.17-1+3
Ubuntulinux/linux_kernel< 4.15.0-24.26+1
NVDlinux/linux_kernel4.15.15
debiandebian/linux< linux 4.15.17-1 (bookworm)

Also affects: Ubuntu Linux 16.04, 18.04

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

7
GHSA
GHSA-qqjj-7xjv-r736: The ext4_fill_super function in fs/ext4/super2022-05-13
OSV
linux-hwe, linux-azure, linux-gcp regression2018-07-21
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem regression2018-07-21
OSV
linux-hwe, linux-azure vulnerabilities2018-07-02
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities2018-07-02

📋Vendor Advisories

6
Ubuntu
Linux kernel regression2018-07-21
Ubuntu
Linux kernel (HWE) regression2018-07-21
Ubuntu
Linux kernel (HWE) vulnerabilities2018-07-02
Ubuntu
Linux kernel vulnerabilities2018-07-02
Red Hat
kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image2018-03-22

💬Community

2
Bugzilla
CVE-2018-1094 kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image2018-03-27
Bugzilla
CVE-2018-1094 kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image [fedora-all]2018-03-27