Oval Definition:	oval:com.ubuntu.bionic:def:201811412000
Revision Date: 2018-05-24 Version: 1 Title: CVE-2018-11412 on Ubuntu 18.04 LTS (bionic) - medium. Description: In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. Jann Horn discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep xattr information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. Family: unix Class: vulnerability Status: Reference(s): CVE-2018-11412 Platform(s): Ubuntu 18.04 LTS Product(s): Definition Synopsis Ubuntu 18.04 LTS (bionic) is installed. AND Package Information The 'linux' package in bionic was vulnerable but has been fixed (note: '4.15.0-33.36'). OR The 'linux-aws' package in bionic was vulnerable but has been fixed (note: '4.15.0-1020.20'). OR The 'linux-azure' package in bionic was vulnerable but has been fixed (note: '4.15.0-1022.23'). OR NOT While related to the CVE in some way, the 'linux-azure-edge' package in bionic is not affected (note: '4.18.0-1003.3~18.04.1'). OR The 'linux-gcp' package in bionic was vulnerable but has been fixed (note: '4.15.0-1018.19'). OR NOT While related to the CVE in some way, the 'linux-hwe' package in bionic is not affected. OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in bionic is not affected (note: '4.18.0-11.12~18.04.1'). OR The 'linux-kvm' package in bionic was vulnerable but has been fixed (note: '4.15.0-1020.20'). OR The 'linux-oem' package in bionic was vulnerable but has been fixed (note: '4.15.0-1017.20'). OR The 'linux-raspi2' package in bionic was vulnerable but has been fixed (note: '4.15.0-1021.23').
BACK