CVE-2018-18690Improper Check for Unusual or Exceptional Conditions in Kernel

CWE-754Improper Check for Unusual or Exceptional ConditionsCWE-391Unchecked Error Condition19 documents7 sources
Severity
5.5MEDIUMNVD
OSV9.8OSV7.8
EPSS
0.1%
top 81.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxCanonical Ubuntu Linux+1 more
Timeline
PublishedOct 26
Latest updateMay 13

Description

In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel< 4.17
Debianlinux/linux_kernel< 4.17.3-1+3
Ubuntulinux/linux_kernel< 3.13.0-164.214+2
debiandebian/linux< linux 4.17.3-1 (bookworm)

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04

Patches

Patch: git.kernel.orgPatch: github.comPatch: git.kernel.org

🔴Vulnerability Details

8
GHSA
GHSA-pw76-34wq-mpfr: In the Linux kernel before 42022-05-13
OSV
linux vulnerabilities2018-12-20
OSV
linux-azure vulnerabilities2018-12-20
OSV
linux-lts-xenial, linux-aws vulnerabilities2018-12-20
OSV
linux-hwe, linux-aws-hwe, linux-azure, linux-gcp vulnerabilities2018-12-20

📋Vendor Advisories

9
Ubuntu
Linux kernel (HWE) vulnerabilities2018-12-20
Ubuntu
Linux kernel vulnerabilities2018-12-20
Ubuntu
Linux kernel vulnerabilities2018-12-20
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2018-12-20
Ubuntu
Linux kernel vulnerabilities2018-12-20

💬Community

1
Bugzilla
CVE-2018-18690 kernel: filesystem corruption due to an unchecked error condition during an xfs attribute change2018-10-29