Oval Definition:oval:com.ubuntu.bionic:def:2018114120000000
Revision Date:2018-05-24Version:1
Title:CVE-2018-11412 on Ubuntu 18.04 LTS (bionic) - medium.
Description:In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. Jann Horn discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep xattr information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-11412
Platform(s):Ubuntu 18.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 18.04 LTS (bionic) is installed.
  • AND Package Information
  • linux package in bionic was vulnerable but has been fixed (note: '4.15.0-33.36').
  • OR linux-aws package in bionic was vulnerable but has been fixed (note: '4.15.0-1020.20').
  • OR linux-azure package in bionic was vulnerable but has been fixed (note: '4.15.0-1022.23').
  • OR linux-gcp package in bionic was vulnerable but has been fixed (note: '4.15.0-1018.19').
  • OR linux-kvm package in bionic was vulnerable but has been fixed (note: '4.15.0-1020.20').
  • OR linux-meta package in bionic was vulnerable but has been fixed (note: '4.15.0-33.36').
  • OR linux-meta-aws package in bionic was vulnerable but has been fixed (note: '4.15.0-1020.20').
  • OR linux-meta-azure package in bionic was vulnerable but has been fixed (note: '4.15.0-1022.23').
  • OR linux-meta-gcp package in bionic was vulnerable but has been fixed (note: '4.15.0-1018.19').
  • OR linux-meta-kvm package in bionic was vulnerable but has been fixed (note: '4.15.0-1020.20').
  • OR linux-meta-oem package in bionic was vulnerable but has been fixed (note: '4.15.0-1017.20').
  • OR linux-meta-raspi2 package in bionic was vulnerable but has been fixed (note: '4.15.0-1021.23').
  • OR linux-oem package in bionic was vulnerable but has been fixed (note: '4.15.0-1017.20').
  • OR linux-raspi2 package in bionic was vulnerable but has been fixed (note: '4.15.0-1021.23').
  • OR linux-signed package in bionic was vulnerable but has been fixed (note: '4.15.0-33.36').
  • OR linux-signed-azure package in bionic was vulnerable but has been fixed (note: '4.15.0-1022.23').
  • OR linux-signed-gcp package in bionic was vulnerable but has been fixed (note: '4.15.0-1018.19').
  • OR linux-signed-oem package in bionic was vulnerable but has been fixed (note: '4.15.0-1017.20').
  • BACK