| Revision Date: | 2018-04-01 | Version: | 1 | | Title: | CVE-2018-1092 on Ubuntu 18.10 (cosmic) - medium. | | Description: | The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2018-1092
| | Platform(s): | Ubuntu 18.10
| Product(s): | | | Definition Synopsis | | Ubuntu 18.10 (cosmic) is installed. AND Package Information
linux package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-23.25').
OR linux-aws package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1010.10').
OR linux-azure package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1013.13').
OR linux-gcp package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1009.9').
OR linux-kvm package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1011.11').
OR linux-meta package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-23.25').
OR linux-meta-aws package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1010.10').
OR linux-meta-azure package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1013.13').
OR linux-meta-gcp package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1009.9').
OR linux-meta-kvm package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1011.11').
OR linux-meta-oem package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1008.11').
OR linux-meta-raspi2 package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1021.23').
OR linux-oem package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1008.11').
OR linux-raspi2 package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1021.23').
OR linux-signed package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-23.25').
OR linux-signed-azure package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1013.13').
OR linux-signed-gcp package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1009.9').
OR linux-signed-oem package in cosmic, is related to the CVE in some way and has been fixed (note: '4.15.0-1008.11').
|
|