CVE - CVE-2018-1093

CVE-ID
CVE-2018-1093	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:DSA-4188 URL:https://www.debian.org/security/2018/dsa-4188 MISC:USN-3676-1 URL:https://usn.ubuntu.com/3676-1/ MISC:USN-3676-2 URL:https://usn.ubuntu.com/3676-2/ MISC:USN-3752-1 URL:https://usn.ubuntu.com/3752-1/ MISC:USN-3752-2 URL:https://usn.ubuntu.com/3752-2/ MISC:USN-3752-3 URL:https://usn.ubuntu.com/3752-3/ MISC:USN-3754-1 URL:https://usn.ubuntu.com/3754-1/ MISC:[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html MISC:[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update URL:https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html MISC:[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update URL:https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html MISC:http://openwall.com/lists/oss-security/2018/03/29/1 URL:http://openwall.com/lists/oss-security/2018/03/29/1 MISC:https://bugzilla.kernel.org/show_bug.cgi?id=199181 URL:https://bugzilla.kernel.org/show_bug.cgi?id=199181 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1560782 URL:https://bugzilla.redhat.com/show_bug.cgi?id=1560782 MISC:https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f URL:https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f
Assigning CNA
Red Hat, Inc.
Date Record Created
20171204	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20171204)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.