Oval Definition:oval:com.ubuntu.cosmic:def:2018130990000000
Revision Date:2018-07-03Version:1
Title:CVE-2018-13099 on Ubuntu 18.10 (cosmic) - low.
Description:An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr. Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash).
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-13099
Platform(s):Ubuntu 18.10
Product(s):
Definition Synopsis
  • Ubuntu 18.10 (cosmic) is installed.
  • AND Package Information
  • linux package in cosmic, is related to the CVE in some way and has been fixed (note: '4.18.0-9.10').
  • OR linux-aws package in cosmic, is related to the CVE in some way and has been fixed (note: '4.18.0-1002.3').
  • OR linux-azure package in cosmic, is related to the CVE in some way and has been fixed (note: '4.18.0-1003.3').
  • OR linux-gcp package in cosmic, is related to the CVE in some way and has been fixed (note: '4.18.0-1002.3').
  • OR linux-kvm package in cosmic, is related to the CVE in some way and has been fixed (note: '4.18.0-1003.3').
  • OR linux-meta package in cosmic, is related to the CVE in some way and has been fixed (note: '4.18.0-9.10').
  • OR linux-meta-aws package in cosmic, is related to the CVE in some way and has been fixed (note: '4.18.0-1002.3').
  • OR linux-meta-azure package in cosmic, is related to the CVE in some way and has been fixed (note: '4.18.0-1003.3').
  • OR linux-meta-gcp package in cosmic, is related to the CVE in some way and has been fixed (note: '4.18.0-1002.3').
  • OR linux-meta-kvm package in cosmic, is related to the CVE in some way and has been fixed (note: '4.18.0-1003.3').
  • OR linux-meta-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR linux-meta-raspi2 package in cosmic, is related to the CVE in some way and has been fixed (note: '4.18.0-1005.7').
  • OR linux-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR linux-oracle: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR linux-raspi2 package in cosmic, is related to the CVE in some way and has been fixed (note: '4.18.0-1005.7').
  • OR linux-signed package in cosmic, is related to the CVE in some way and has been fixed (note: '4.18.0-9.10').
  • OR linux-signed-azure package in cosmic, is related to the CVE in some way and has been fixed (note: '4.18.0-1003.3').
  • OR linux-signed-gcp package in cosmic, is related to the CVE in some way and has been fixed (note: '4.18.0-1002.3').
  • OR linux-signed-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
    • BACK