Oval Definition:oval:com.ubuntu.xenial:def:2018130980000000
Revision Date:2018-07-03Version:1
Title:CVE-2018-13098 on Ubuntu 16.04 LTS (xenial) - low.
Description:An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode. Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash).
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-13098
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND Package Information
  • linux package in xenial is affected and needs fixing.
  • OR linux-aws package in xenial is affected and needs fixing.
  • OR linux-aws-hwe package in xenial was vulnerable but has been fixed (note: '4.15.0-1047.49~16.04.1').
  • OR linux-azure package in xenial was vulnerable but has been fixed (note: '4.15.0-1055.60').
  • OR linux-euclid: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'was needed ESM criteria').
  • OR linux-flo: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'abandoned').
  • OR linux-gcp package in xenial was vulnerable but has been fixed (note: '4.15.0-1040.42~16.04.1').
  • OR linux-gke: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'end-of-life').
  • OR linux-goldfish: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'end-of-life').
  • OR linux-hwe package in xenial was vulnerable but has been fixed (note: '4.15.0-58.64~16.04.1').
  • OR linux-kvm package in xenial is affected and needs fixing.
  • OR linux-mako: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'abandoned').
  • OR linux-meta package in xenial is affected and needs fixing.
  • OR linux-meta-aws package in xenial is affected and needs fixing.
  • OR linux-meta-aws-hwe package in xenial was vulnerable but has been fixed (note: '4.15.0-1047.49~16.04.1').
  • OR linux-meta-azure package in xenial was vulnerable but has been fixed (note: '4.15.0-1055.60').
  • OR linux-meta-gcp package in xenial was vulnerable but has been fixed (note: '4.15.0-1040.42~16.04.1').
  • OR linux-meta-hwe package in xenial was vulnerable but has been fixed (note: '4.15.0-58.64~16.04.1').
  • OR linux-meta-kvm package in xenial is affected and needs fixing.
  • OR linux-meta-oracle package in xenial was vulnerable but has been fixed (note: '4.15.0-1021.23~16.04.1').
  • OR linux-meta-raspi2 package in xenial is affected and needs fixing.
  • OR linux-meta-snapdragon package in xenial is affected and needs fixing.
  • OR linux-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'was needed now end-of-life').
  • OR linux-oracle package in xenial was vulnerable but has been fixed (note: '4.15.0-1021.23~16.04.1').
  • OR linux-raspi2 package in xenial is affected and needs fixing.
  • OR linux-signed package in xenial is affected and needs fixing.
  • OR linux-signed-azure package in xenial was vulnerable but has been fixed (note: '4.15.0-1055.60').
  • OR linux-signed-gcp package in xenial was vulnerable but has been fixed (note: '4.15.0-1040.42~16.04.1').
  • OR linux-signed-hwe package in xenial was vulnerable but has been fixed (note: '4.15.0-58.64~16.04.1').
  • OR linux-signed-oracle package in xenial was vulnerable but has been fixed (note: '4.15.0-1021.23~16.04.1').
  • OR linux-snapdragon package in xenial is affected and needs fixing.
    • BACK