Vulnerabilities > CVE-2017-18241 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
linux
debian
canonical
CWE-476
nessus
NVD
Published: 2018-03-21
Updated: 2019-03-18

Summary

fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.

Vulnerable Configurations

Part Description Count
OS
Linux
3249
OS
Debian
2
OS
Canonical
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1855-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the
    last seen2020-06-01
    modified2020-06-02
    plugin id110838
    published2018-07-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110838
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:1855-1)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-030-01.NASL
    descriptionNew kernel packages are available for Slackware 14.2 to fix security issues.
    last seen2020-03-17
    modified2019-01-31
    plugin id121505
    published2019-01-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121505
    titleSlackware 14.2 : Slackware 14.2 kernel (SSA:2019-030-01)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3910-1.NASL
    descriptionIt was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service (system crash). (CVE-2017-18241) It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps(1). (CVE-2018-1120) Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) It was discovered that multiple integer overflows existed in the hugetlbfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7740) Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122892
    published2019-03-18
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122892
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3910-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1772-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.136 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the
    last seen2020-06-01
    modified2020-06-02
    plugin id110660
    published2018-06-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110660
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:1772-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1855-2.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed : CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the
    last seen2020-06-01
    modified2020-06-02
    plugin id118272
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118272
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2018:1855-2)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4187.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer (blk-mq). On a system with a driver using blk-mq (mtip32xx, null_blk, or virtio_blk), a local user might be able to use this for denial of service or possibly for privilege escalation. - CVE-2017-0861 Robb Glasser reported a potential use-after-free in the ALSA (sound) PCM core. We believe this was not possible in practice. - CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the
    last seen2020-06-01
    modified2020-06-02
    plugin id109517
    published2018-05-02
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109517
    titleDebian DSA-4187-1 : linux - security update (Spectre)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0135_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121841
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121841
    titlePhoton OS 1.0: Linux PHSA-2018-1.0-0135
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-656.NASL
    descriptionThe openSUSE Leap 42.3 was updated to 4.4.138 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1085308 bsc#1087082) This update improves the previous Spectre Variant 4 fixes and also mitigates them on the ARM architecture. - CVE-2018-3665: The FPU state and registers of x86 CPUs were saved and restored in a lazy fashion, which opened its disclosure by speculative side channel attacks. This has been fixed by replacing the lazy save/restore by eager saving and restoring (bnc#1087086) - CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the
    last seen2020-06-05
    modified2018-06-22
    plugin id110658
    published2018-06-22
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110658
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2018-656) (Spectre)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1534.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7267i1/4%0 - fs/f2fs/segment.c in the Linux kernel allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.(CVE-2017-18241i1/4%0 - fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.(CVE-2016-4581i1/4%0 - drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.(CVE-2014-0077i1/4%0 - It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124987
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124987
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1534)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3910-2.NASL
    descriptionUSN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service (system crash). (CVE-2017-18241) It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps(1). (CVE-2018-1120) Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) It was discovered that multiple integer overflows existed in the hugetlbfs implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7740) Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. (CVE-2019-6133). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122893
    published2019-03-18
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122893
    titleUbuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3910-2)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0135.NASL
    descriptionAn update of 'linux', 'linux-esx' packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111937
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111937
    titlePhoton OS 1.0: Linux PHSA-2018-1.0-0135 (deprecated)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4188.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the
    last seen2020-06-01
    modified2020-06-02
    plugin id109518
    published2018-05-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109518
    titleDebian DSA-4188-1 : linux - security update (Spectre)

References