OVAL Reference oval:com.ubuntu.bionic:def:2018108830000000

Oval Definition:

oval:com.ubuntu.bionic:def:2018108830000000

Revision Date:	2018-07-30	Version:	1
Title:	CVE-2018-10883 on Ubuntu 18.04 LTS (bionic) - low.
Description:	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. Wen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash).
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2018-10883
Platform(s):	Ubuntu 18.04 LTS	Product(s):
Definition Synopsis
Ubuntu 18.04 LTS (bionic) is installed. AND Package Information linux package in bionic was vulnerable but has been fixed (note: '4.15.0-44.47'). OR linux-aws package in bionic was vulnerable but has been fixed (note: '4.15.0-1032.34'). OR linux-azure package in bionic was vulnerable but has been fixed (note: '4.15.0-1037.39'). OR linux-gcp package in bionic was vulnerable but has been fixed (note: '4.15.0-1027.28'). OR linux-hwe package in bionic, is related to the CVE in some way and has been fixed (note: '4.18.0-13.14~18.04.1'). OR linux-kvm package in bionic was vulnerable but has been fixed (note: '4.15.0-1029.29'). OR linux-meta package in bionic was vulnerable but has been fixed (note: '4.15.0-44.47'). OR linux-meta-aws package in bionic was vulnerable but has been fixed (note: '4.15.0-1032.34'). OR linux-meta-azure package in bionic was vulnerable but has been fixed (note: '4.15.0-1037.39'). OR linux-meta-gcp package in bionic was vulnerable but has been fixed (note: '4.15.0-1027.28'). OR linux-meta-hwe package in bionic, is related to the CVE in some way and has been fixed (note: '4.18.0-13.14~18.04.1'). OR linux-meta-kvm package in bionic was vulnerable but has been fixed (note: '4.15.0-1029.29'). OR linux-meta-oem package in bionic was vulnerable but has been fixed (note: '4.15.0-1033.38'). OR linux-meta-oracle package in bionic was vulnerable but has been fixed (note: '4.15.0-1008.10'). OR linux-meta-raspi2 package in bionic was vulnerable but has been fixed (note: '4.15.0-1031.33'). OR linux-meta-snapdragon package in bionic was vulnerable but has been fixed (note: '4.15.0-1053.57'). OR linux-oem package in bionic was vulnerable but has been fixed (note: '4.15.0-1033.38'). OR linux-oracle package in bionic was vulnerable but has been fixed (note: '4.15.0-1008.10'). OR linux-raspi2 package in bionic was vulnerable but has been fixed (note: '4.15.0-1031.33'). OR linux-signed package in bionic was vulnerable but has been fixed (note: '4.15.0-44.47'). OR linux-signed-azure package in bionic was vulnerable but has been fixed (note: '4.15.0-1037.39'). OR linux-signed-gcp package in bionic was vulnerable but has been fixed (note: '4.15.0-1027.28'). OR linux-signed-hwe package in bionic, is related to the CVE in some way and has been fixed (note: '4.18.0-13.14~18.04.1'). OR linux-signed-oem package in bionic was vulnerable but has been fixed (note: '4.15.0-1033.38'). OR linux-signed-oracle package in bionic was vulnerable but has been fixed (note: '4.15.0-1008.10'). OR linux-snapdragon package in bionic was vulnerable but has been fixed (note: '4.15.0-1053.57').

BACK