Out-of-bounds read in Linux kernel

#VU14186 Out-of-bounds read in Linux kernel

Published: 2018-08-03

Vulnerability identifier: #VU14186

Vulnerability risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-14610

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists in the write_extent_buffer() function due to insufficient verification that each block group has a corresponding chunk at mount time in the btrfs_read_block_groups()function, as defined in fs/btrfs/extent-tree.c source code file. A local attacker can mount and operate a Btrfs filesystem image that submits malicious input, trigger an out-of-bounds read in the write_extent_buffer() function and cause the service to crash.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 4.17 - 4.17.10, 4.16 - 4.16.18, 4.15 - 4.15.18

External links
http://bugzilla.kernel.org/show_bug.cgi?id=199837

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Linux Kernel