Multiple vulnerabilities in Linux Kernel



Published: 2018-07-09 | Updated: 2018-07-10
Risk: Low
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2018-13100, CVE-2018-12928, CVE-2018-13098, CVE-2018-13099, CVE-2018-13405, CVE-2018-13406
CWE-ID: CWE-369, CWE-476, CWE-125, CWE-264, CWE-190
Exploitation vector: Local
Public exploit: Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available.
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Divide-by-zero

EUVDB-ID: #VU13601

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-13100

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists due to improper validation of secs_per_zone information in a corrupted Flash-Friendly File System (F2FS) image. A local attacker can mount a specially crafted F2FS image, trigger a divide-by-zero condition in the reset_curseg() function, as defined in the fs/f2fs/super.c source code file, and cause the system to crash.
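The kind of validation the description refers to can be shown with a user-space check that refuses an image before its geometry fields are used as divisors. This is an added example, not code from the kernel or from this bulletin; the superblock offset, magic value and field offsets are assumptions recalled from the upstream F2FS on-disk format, and zone_of_segment() and demo_zone() are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Layout values are assumptions recalled from upstream f2fs_fs.h, not from the bulletin. */
#define SB_OFFSET         1024u       /* superblock starts 1 KiB into the image */
#define F2FS_MAGIC        0xF2F52010u
#define OFF_SEGS_PER_SEC  24u         /* __le32 segs_per_sec */
#define OFF_SECS_PER_ZONE 28u         /* __le32 secs_per_zone */

static uint32_t get_le32(const uint8_t *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

static void put_le32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

/* Validates both divisors before dividing: 0 and *zone set, or -1 on rejection. */
int zone_of_segment(const uint8_t *img, size_t len, uint32_t segno, uint32_t *zone)
{
    if (len < SB_OFFSET + OFF_SECS_PER_ZONE + 4)
        return -1;                          /* truncated image */
    const uint8_t *sb = img + SB_OFFSET;
    if (get_le32(sb) != F2FS_MAGIC)
        return -1;                          /* not an F2FS superblock */
    uint32_t segs_per_sec = get_le32(sb + OFF_SEGS_PER_SEC);
    uint32_t secs_per_zone = get_le32(sb + OFF_SECS_PER_ZONE);
    if (segs_per_sec == 0 || secs_per_zone == 0)
        return -1;                          /* corrupted geometry: refuse to divide */
    *zone = segno / segs_per_sec / secs_per_zone;
    return 0;
}

long demo_zone(uint32_t segs_per_sec, uint32_t secs_per_zone, uint32_t segno)
{
    uint8_t img[2048] = {0};                /* constructed sample image */
    uint32_t zone = 0;
    put_le32(img + SB_OFFSET, F2FS_MAGIC);
    put_le32(img + SB_OFFSET + OFF_SEGS_PER_SEC, segs_per_sec);
    put_le32(img + SB_OFFSET + OFF_SECS_PER_ZONE, secs_per_zone);
    return zone_of_segment(img, sizeof img, segno, &zone) ? -1 : (long)zone;
}

int main(void)
{
    printf("sane: %ld, zeroed: %ld\n", demo_zone(2, 4, 17), demo_zone(2, 0, 17));
    return 0;
}
```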

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 4.15 - 4.17.3

External links

http://bugzilla.kernel.org/show_bug.cgi?id=200183


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Null pointer dereference

EUVDB-ID: #VU13602

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-12928

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists due to a boundary error when mounting HFS filesystems. A local attacker can access the system, execute an application that submits malicious input, trigger a NULL pointer dereference and cause the system to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 4.15 - 4.15.18

External links

http://bugzilla.kernel.org/show_bug.cgi?id=200183


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

3) Buffer over-read

EUVDB-ID: #VU13600

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-13098

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to an out-of-bounds read in the fs/f2fs/inode.c file that occurs for a modified F2FS filesystem image in which FI_EXTRA_ATTR is set in an inode.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 4.17.1 - 4.17.3

External links

http://bugzilla.kernel.org/show_bug.cgi?id=200173
http://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=3468867...


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer over-read

EUVDB-ID: #VU13599

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-13099

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to an out-of-bounds read in the fs/f2fs/inline.c file that occurs for a modified F2FS filesystem image in which an inline inode contains an invalid reserved blkaddr.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 4.17.1 - 4.17.3

External links

http://bugzilla.kernel.org/show_bug.cgi?id=200179
http://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90...
http://sourceforge.net/p/linux-f2fs/mailman/message/36356878/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Security restrictions bypass

EUVDB-ID: #VU13631

Risk: Low

CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-13405

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to create arbitrary files on the target system.

The vulnerability exists because the inode_init_owner function, as defined in the fs/inode.c source code file, allows the creation of arbitrary files in set-group identification (SGID) directories. A local attacker can create arbitrary files with unintended group ownership.

Mitigation

Update to version 4.17.4.

Vulnerable software versions

Linux kernel: 4.15.0 - 4.17.3

External links

http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c82...


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Integer overflow

EUVDB-ID: #VU13630

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-13406

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists due to an integer overflow in the uvesafb_setcmap function, as defined in the drivers/video/fbdev/uvesafb.c source code file. A local attacker can execute a file or program that submits malicious input, trigger memory corruption and cause the affected software to crash.

Mitigation

Update to version 4.17.4.

Vulnerable software versions

Linux kernel: 4.15.0 - 4.17.3

External links

http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9f645bcc566a1e9f921bda...


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


