CVE-2018-11412
Published: 2018-05-24
Priority: P3 · 46 · medium · 5.9 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 16.35% (96.6th percentile)
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | linux | < linux 4.17.3-1 (bookworm) | linux 4.17.3-1 (bookworm) |
| linux | linux_kernel | >= 0 < 4.17.3-1 | 4.17.3-1 |
| linux | linux_kernel | >= 0 < 4.17.3-1 | 4.17.3-1 |
| linux | linux_kernel | >= 0 < 4.17.3-1 | 4.17.3-1 |
| linux | linux_kernel | >= 0 < 4.17.3-1 | 4.17.3-1 |
| linux | linux_kernel | >= 0 < 4.15.0-33.36 | 4.15.0-33.36 |
| linux | linux_kernel | 4.13 – 4.16.11 | — |
CVSS provenance
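| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 5.9 | MEDIUM | |
| vendor_debian | | 5.9 | MEDIUM | |
| vendor_redhat | | 5.9 | MEDIUM | |
| vendor_ubuntu | | 5.5 | MEDIUM | |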
GHSA
GHSA-p2xr-7hvv-jq75: In the Linux kernel 4
ghsa_unreviewed·2022-05-14
CVE-2018-11412 [MEDIUM] CWE-416 GHSA-p2xr-7hvv-jq75: In the Linux kernel 4
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
OSV
linux-azure, linux-oem, linux-gcp vulnerabilities
osv·2018-08-28·CVSS 5.5
CVE-2018-1000200 [MEDIUM] linux-azure, linux-oem, linux-gcp vulnerabilities
It was discovered that, when attempting to handle an out-of-memory
situation, a null pointer dereference could be triggered in the Linux
kernel in some circumstances. A local attacker could use this to cause a
denial of service (system crash). (CVE-2018-1000200)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker could
use this to construct a malicious xfs image that, when mounted, could cause
a denial of service (system crash). (CVE-2018-10323)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate xattr information. An attacker could use
this to construct a malicious xfs image that, when mounted, could c
OSV
linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities
osv·2018-08-24·CVSS 5.5
CVE-2018-1000200 [MEDIUM] linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities
It was discovered that, when attempting to handle an out-of-memory
situation, a null pointer dereference could be triggered in the Linux
kernel in some circumstances. A local attacker could use this to cause a
denial of service (system crash). (CVE-2018-1000200)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker could
use this to construct a malicious xfs image that, when mounted, could cause
a denial of service (system crash). (CVE-2018-10323)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate xattr information. An attacker could use
this to construct a malicious xfs image that, wh
OSV
linux-hwe vulnerabilities
osv·2018-08-24·CVSS 5.5
CVE-2018-10002 [MEDIUM] linux-hwe vulnerabilities
USN-3752-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.
It was discovered that, when attempting to handle an out-of-memory
situation, a null pointer dereference could be triggered in the Linux
kernel in some circumstances. A local attacker could use this to cause a
denial of service (system crash). (CVE-2018-1000200)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker could
use this to construct a malicious xfs image that, when mounted, could cause
a denial of service (system crash). (CVE-2018-10323)
Wen Xu discovered tha
OSV
CVE-2018-11412: In the Linux kernel 4
osv·2018-05-24·CVSS 5.9
CVE-2018-11412 [MEDIUM] CVE-2018-11412: In the Linux kernel 4
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
Kernel
ext4: do not allow external inodes for inline data
kernel_security·2018-05-22·CVSS 5.9
CVE-2018-11412 [MEDIUM] ext4: do not allow external inodes for inline data
The inline data feature was implemented before we added support for
external inodes for xattrs. It makes no sense to support that
combination, but the problem is that there are a number of extended
attribute checks that are skipped if e_value_inum is non-zero.
Unfortunately, the inline data code is completely e_value_inum
unaware, and attempts to interpret the xattr fields as if it were an
inline xattr --- at which point, Hilarity Ensues.
This addresses CVE-2018-11412.
https://bugzilla.kernel.org/show_bug.cgi?id=199803
Reported-by: Jann Horn
Reviewed-by: Andreas Dilger
Signed-off-by: Theodore Ts'o
Fixes: e50e5129f384 ("ext4: xattr-in-inode support")
Cc: [email protected]
Kernel
ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget()
kernel_security·2018-05-22·CVSS 5.9
CVE-2018-11412 [MEDIUM] ext4: bubble errors from ext4_find_inline_data_nolock() up to ext4_iget()
If ext4_find_inline_data_nolock() returns an error it needs to get
reflected up to ext4_iget(). In order to fix this,
ext4_iget_extra_inode() needs to return an error (and not return
void).
This is related to "ext4: do not allow external inodes for inline
data" (which fixes CVE-2018-11412) in that in the errors=continue
case, it would be useful for userspace to receive an error
indicating that the file system is corrupted.
Signed-off-by: Theodore Ts'o
Reviewed-by: Andreas Dilger
Cc: [email protected]
Ubuntu
Linux kernel (Azure, GCP, OEM) vulnerabilities
vendor_ubuntu·2018-08-28·CVSS 5.5
CVE-2018-1000200 [MEDIUM] Linux kernel (Azure, GCP, OEM) vulnerabilities
Title: Linux kernel (Azure, GCP, OEM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that, when attempting to handle an out-of-memory
situation, a null pointer dereference could be triggered in the Linux
kernel in some circumstances. A local attacker could use this to cause a
denial of service (system crash). (CVE-2018-1000200)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker could
use this to construct a malicious xfs image that, when mounted, could cause
a denial of service (system crash). (CVE-2018-10323)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate xattr information. An attacker could u
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2018-08-24·CVSS 5.5
CVE-2018-1000200 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that, when attempting to handle an out-of-memory
situation, a null pointer dereference could be triggered in the Linux
kernel in some circumstances. A local attacker could use this to cause a
denial of service (system crash). (CVE-2018-1000200)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker could
use this to construct a malicious xfs image that, when mounted, could cause
a denial of service (system crash). (CVE-2018-10323)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate xattr information. An attacker could use
this to constru
Ubuntu
Linux kernel (HWE) vulnerabilities
vendor_ubuntu·2018-08-24·CVSS 5.5
CVE-2018-1000200 [MEDIUM] Linux kernel (HWE) vulnerabilities
Title: Linux kernel (HWE) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
USN-3752-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.
It was discovered that, when attempting to handle an out-of-memory
situation, a null pointer dereference could be triggered in the Linux
kernel in some circumstances. A local attacker could use this to cause a
denial of service (system crash). (CVE-2018-1000200)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly validate meta-data information. An attacker could
use this to construct a malicious xfs image that, when mounted, could
Red Hat
kernel: out-of-bounds memcpy in fs/ext4/inline.c:ext4_read_inline_data() with crafted ext4 image
vendor_redhat·2018-05-22·CVSS 5.9
CVE-2018-11412 [MEDIUM] CWE-805 kernel: out-of-bounds memcpy in fs/ext4/inline.c:ext4_read_inline_data() with crafted ext4 image
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
The fs/ext4/inline.c:ext4_read_inline_data() function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbound copy can cause memory corruption or possible privilege escalation.
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
Package: kernel (Red Hat Enterprise Linu
Debian
CVE-2018-11412: linux - In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inl...
vendor_debian·2018·CVSS 5.9
CVE-2018-11412 [MEDIUM] CVE-2018-11412: linux - In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inl...
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
Scope: local
bookworm: resolved (fixed in 4.17.3-1)
bullseye: resolved (fixed in 4.17.3-1)
forky: resolved (fixed in 4.17.3-1)
sid: resolved (fixed in 4.17.3-1)
trixie: resolved (fixed in 4.17.3-1)
No detection rules found.
Bugzilla
CVE-2018-11412 kernel: out-of-bounds memcpy in fs/ext4/inline.c:ext4_read_inline_data() with crafted ext4 image [fedora-all]
bugzilla·2018-05-25·CVSS 5.9
CVE-2018-11412 [MEDIUM] CVE-2018-11412 kernel: out-of-bounds memcpy in fs/ext4/inline.c:ext4_read_inline_data() with crafted ext4 image [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE:
Bugzilla
CVE-2018-11412 kernel: out-of-bounds memcpy in fs/ext4/inline.c:ext4_read_inline_data() with crafted ext4 image
bugzilla·2018-05-25·CVSS 5.9
CVE-2018-11412 [MEDIUM] CVE-2018-11412 kernel: out-of-bounds memcpy in fs/ext4/inline.c:ext4_read_inline_data() with crafted ext4 image
The fs/ext4/inline.c:ext4_read_inline_data() function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbound copy can cause memory corruption or possible privilege escalation.
An upstream bug:
https://bugzilla.kernel.org/show_bug.cgi?id=199803
Upstream patches:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=117166efb1ee8f13c38f9e96b258f16d4923f888
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb9b5f01c33adebc31cbc236c02695f605b0e417
Discussion:
Created ker
arXiv
The Security War in File Systems: An Empirical Study from A Vulnerability-Centric Perspective
arxiv_fulltext·2022-04-26
## Abstract
This paper presents a systematic study on the security of modern file systems,
following a vulnerability-centric perspective. Specifically,
we collected 377 file system vulnerabilities committed to the CVE database in the past 20 years.
We characterize them from four dimensions that include why the vulnerabilities appear,
how the vulnerabilities can be exploited, what consequences can arise,
and how the vulnerabilities are fixed. This way, we build a deep understanding of
the attack surfaces faced by file systems, the threats imposed by the attack surfaces,
and the good and bad practices in mitigating the attacks in file systems. We envision that our study
will bring insights toward
http://www.securityfocus.com/bid/104291
https://access.redhat.com/errata/RHSA-2019:0525
https://bugs.chromium.org/p/project-zero/issues/detail?id=1580
https://bugzilla.kernel.org/show_bug.cgi?id=199803
https://usn.ubuntu.com/3752-1/
https://usn.ubuntu.com/3752-2/
https://usn.ubuntu.com/3752-3/
https://www.exploit-db.com/exploits/44832/