CVE-2018-13095

MEDIUM

Description

An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.

References

https://access.redhat.com/errata/RHSA-2019:1350

https://access.redhat.com/errata/RHSA-2019:2029

https://access.redhat.com/errata/RHSA-2019:2043

https://bugzilla.kernel.org/show_bug.cgi?id=199915

https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=23fcb3340d033d9f081e21e6c12c2db7eaa541d3

https://github.com/torvalds/linux/commit/23fcb3340d033d9f081e21e6c12c2db7eaa541d3

Details

Source: MITRE

Published: 2018-07-03

Updated: 2020-08-24

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.17.3 (inclusive)

Tenable Plugins

View all (17 total)

IDNameProductFamilySeverity
148498Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4904-1)NessusUbuntu Local Security Checks
high
148493Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4907-1)NessusUbuntu Local Security Checks
high
128651CentOS 7 : kernel (CESA-2019:2029)NessusCentOS Local Security Checks
high
128226Scientific Linux Security Update : kernel on SL7.x x86_64 (20190806)NessusScientific Linux Local Security Checks
high
127655RHEL 7 : kernel-rt (RHSA-2019:2043)NessusRed Hat Local Security Checks
high
127650RHEL 7 : kernel (RHSA-2019:2029)NessusRed Hat Local Security Checks
high
125713RHEL 7 : kernel-alt (RHSA-2019:1350)NessusRed Hat Local Security Checks
medium
125101EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1513)NessusHuawei Local Security Checks
critical
123329openSUSE Security Update : the Linux Kernel (openSUSE-2019-769)NessusSuSE Local Security Checks
high
120418Fedora 28 : kernel (2018-50075276e8)NessusFedora Local Security Checks
high
120118SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:2980-1)NessusSuSE Local Security Checks
high
118034SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3084-1)NessusSuSE Local Security Checks
high
117988openSUSE Security Update : the Linux Kernel (openSUSE-2018-1140)NessusSuSE Local Security Checks
high
117800SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2858-1)NessusSuSE Local Security Checks
high
117629SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2776-1)NessusSuSE Local Security Checks
high
117523openSUSE Security Update : the Linux Kernel (openSUSE-2018-1016)NessusSuSE Local Security Checks
high
111243Fedora 27 : kernel (2018-8484550fff)NessusFedora Local Security Checks
high