Oval Definition:	oval:com.ubuntu.bionic:def:20181092000
Revision Date: 2018-04-01 Version: 1 Title: CVE-2018-1092 on Ubuntu 18.04 LTS (bionic) - medium. Description: The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. Family: unix Class: vulnerability Status: Reference(s): CVE-2018-1092 Platform(s): Ubuntu 18.04 LTS Product(s): Definition Synopsis Ubuntu 18.04 LTS (bionic) is installed. AND Package Information The 'linux' package in bionic was vulnerable but has been fixed (note: '4.15.0-23.25'). OR The 'linux-aws' package in bionic was vulnerable but has been fixed (note: '4.15.0-1010.10'). OR The 'linux-azure' package in bionic was vulnerable but has been fixed (note: '4.15.0-1013.13'). OR NOT While related to the CVE in some way, the 'linux-azure-edge' package in bionic is not affected (note: '4.18.0-1003.3~18.04.1'). OR The 'linux-gcp' package in bionic was vulnerable but has been fixed (note: '4.15.0-1009.9'). OR NOT While related to the CVE in some way, the 'linux-hwe' package in bionic is not affected. OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in bionic is not affected (note: '4.18.0-8.9~18.04.1'). OR The 'linux-kvm' package in bionic was vulnerable but has been fixed (note: '4.15.0-1011.11'). OR The 'linux-oem' package in bionic was vulnerable but has been fixed (note: '4.15.0-1008.11'). OR The 'linux-raspi2' package in bionic was vulnerable but has been fixed (note: '4.15.0-1012.13').
BACK