CVE-2018-10881

Current Description

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.

Basic Data

PublishedJuly 26, 2018
Last ModifiedOctober 09, 2019
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score4.9
SeverityMEDIUM
Exploitability Score3.9
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

CVSS 3 - Version3.0
CVSS 3 - Vector StringCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 3 - Attack VectorLOCAL
CVSS 3 - Attack ComplexityLOW
CVSS 3 - Privileges RequiredLOW
CVSS 3 - User InteractionNONE
CVSS 3 - ScopeUNCHANGED
CVSS 3 - Confidentiality ImpactNONE
CVSS 3 - Integrity ImpactNONE
CVSS 3 - Availability ImpactHIGH
CVSS 3 - Base Score5.5
CVSS 3 - Base SeverityMEDIUM
Exploitability Score1.8
Base SeverityMEDIUM

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSCanonicalUbuntu Linux14.04***lts***
    2.3OSCanonicalUbuntu Linux16.04***lts***
    2.3OSCanonicalUbuntu Linux18.04***lts***
    2.3OSDebianDebian Linux8.0*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSLinuxLinux Kernel********4.17.6
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSRedhatEnterprise Linux Desktop7.0*******
    2.3OSRedhatEnterprise Linux For Real Time7.0*******
    2.3OSRedhatEnterprise Linux For Real Time For Nfv7*******
    2.3OSRedhatEnterprise Linux Server7.0*******
    2.3OSRedhatEnterprise Linux Workstation7.0*******

Vulnerable Software List

VendorProductVersions
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04, 16.04, 18.04
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux For Real Time 7.0
Redhat Enterprise Linux For Real Time For Nfv 7
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 7.0
Linux Linux Kernel *

References

NameSourceURLTags
http://patchwork.ozlabs.org/patch/929792/http://patchwork.ozlabs.org/patch/929792/CONFIRMPatch Third Party Advisory
104901http://www.securityfocus.com/bid/104901BIDThird Party Advisory VDB Entry
RHSA-2018:2948https://access.redhat.com/errata/RHSA-2018:2948REDHATThird Party Advisory
RHSA-2018:3083https://access.redhat.com/errata/RHSA-2018:3083REDHATThird Party Advisory
RHSA-2018:3096https://access.redhat.com/errata/RHSA-2018:3096REDHATThird Party Advisory
https://bugzilla.kernel.org/show_bug.cgi?id=200015https://bugzilla.kernel.org/show_bug.cgi?id=200015CONFIRMExploit Issue Tracking Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881CONFIRMIssue Tracking Patch Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214bhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a3CONFIRMPatch Vendor Advisory
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new packagehttps://lists.debian.org/debian-lts-announce/2018/07/msg00020.htmlMLISTMailing List Third Party Advisory
USN-3752-1https://usn.ubuntu.com/3752-1/UBUNTUThird Party Advisory
USN-3752-2https://usn.ubuntu.com/3752-2/UBUNTUThird Party Advisory
USN-3752-3https://usn.ubuntu.com/3752-3/UBUNTUThird Party Advisory
USN-3753-1https://usn.ubuntu.com/3753-1/UBUNTUThird Party Advisory
USN-3753-2https://usn.ubuntu.com/3753-2/UBUNTUThird Party Advisory
USN-3754-1https://usn.ubuntu.com/3754-1/UBUNTUThird Party Advisory