Vulnerability identifier: #VU13844

Vulnerability risk: Low

CVSSv3.1: 6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2018-13097

CWE-ID: CWE-369

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists in the user_block_count() function in the Flash-Friendly File System (F2FS) component, as defined in the source code file fs/f2fs/super.c due to boundary error when mounting F2FS filesystems. A local attacker can access the system and mount an F2FS filesystem that submits malicious input, trigger divide-by-zero memory error and cause the affected software to terminate abnormally.

Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

Linux kernel: 4.17.1 - 4.17.3, 4.16 - 4.16.18, 4.15.0 - 4.15.18

---

External links
http://bugzilla.kernel.org/show_bug.cgi?id=200171

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.