BDU:2019-01057

Уязвимость функции ext4_xattr_set_entry() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-10879

Published: 2018-07-26
Modified: 2024-11-21

CVE-2018-10879

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

http://patchwork.ozlabs.org/patch/928666/
http://patchwork.ozlabs.org/patch/928666/
http://patchwork.ozlabs.org/patch/928667/
http://patchwork.ozlabs.org/patch/928667/
104902
104902
RHSA-2018:2948
RHSA-2018:2948
RHSA-2018:3083
RHSA-2018:3083
RHSA-2018:3096
RHSA-2018:3096
https://bugzilla.kernel.org/show_bug.cgi?id=200001
https://bugzilla.kernel.org/show_bug.cgi?id=200001
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
USN-3753-1
USN-3753-1
USN-3753-2
USN-3753-2
USN-3871-1
USN-3871-1
USN-3871-3
USN-3871-3
USN-3871-4
USN-3871-4
USN-3871-5
USN-3871-5

Version: 2.1.0

Package kernel-image-std-def update in c7.1 on 2018-10-24

ALT-PU-2018-2554-1

Closed vulnerabilities

BDU:2019-01057

CVE-2018-10879