Denial of service in Linux Kernel



Published: 2018-04-25 | Updated: 2018-10-30
Risk: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2018-1095, CVE-2018-1108, CVE-2018-18690
CWE-ID: CWE-476, CWE-665, CWE-20
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #3 is available.
Vulnerable software
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU12112

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1095

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in the ext4_xattr_check_entries function in fs/ext4/xattr.c due to improper validation of xattr sizes, which causes a size to be misinterpreted as an error code. A remote attacker can submit a specially crafted ext4 image, trigger a NULL pointer dereference and cause the service to crash.

Mitigation

Update to version 4.15.16.

Vulnerable software versions

Linux kernel: 4.15.0 - 4.15.15

External links

http://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=ce3fd194fcc6fbdc00ce095a85...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper initialization

EUVDB-ID: #VU12179

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1108

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the crng_ready() function due to improper initialization. A remote attacker can cause the service to crash.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 4.8.0 - 4.16.4

External links

http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43838a23a05fbd13e47d750d3dfd77001536dd33


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU15584

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-18690

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists due to improper handling of ATTR_REPLACE operations by the xfs_attr_shortform_addname function, defined in the fs/xfs/libxfs/xfs_attr.c source file. A local attacker with access to the system can execute an application that submits malicious input, trigger corruption of the XFS file system and cause the service to crash.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 4.14.0 - 4.16.18

External links

http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78...


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
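The "Vulnerable software versions" ranges of the three entries above can be checked against a fleet's kernel release strings. The following is an added example, not part of the original bulletin; the function names and sample strings are hypothetical. It assumes upstream version numbering: distribution kernels often backport fixes without changing the base version, so a match there means "check the vendor's advisory", not "confirmed vulnerable".

```python
import re

# Affected upstream ranges exactly as listed in this bulletin (inclusive).
AFFECTED = {
    "CVE-2018-1095": ((4, 15, 0), (4, 15, 15)),
    "CVE-2018-1108": ((4, 8, 0), (4, 16, 4)),
    "CVE-2018-18690": ((4, 14, 0), (4, 16, 18)),
}

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch).

    Suffixes such as "-rc3" or "-20-generic" are ignored and a missing
    patch level is read as 0. Returns None if no version prefix is found.
    """
    match = _RELEASE.match(release.strip())
    if not match:
        return None
    return (int(match.group(1)), int(match.group(2)), int(match.group(3) or 0))


def affected_cves(release):
    """Return the bulletin's CVE IDs whose version range covers `release`."""
    version = parse_release(release)
    if version is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return sorted(cve for cve, (low, high) in AFFECTED.items()
                  if low <= version <= high)


def triage(releases):
    """Map each release string to its CVE list; None marks strings that
    could not be parsed and need manual review instead of a silent pass."""
    report = {}
    for release in releases:
        try:
            report[release] = affected_cves(release)
        except ValueError:
            report[release] = None
    return report


if __name__ == "__main__":
    import platform
    # Constructed sample inventory plus the kernel this script runs on.
    sample = ["4.15.10", "4.15.16", "4.16.5", "4.17.0", "custom-build"]
    for release, cves in triage(sample + [platform.release()]).items():
        print(release, "->", "manual review" if cves is None else cves or "not in range")
```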


