Vulnerabilities > CVE-2018-10840 - Heap-based Buffer Overflow vulnerability in multiple products

047910
CVSS 6.6 - MEDIUM
Attack vector
PHYSICAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
low complexity
linux
canonical
redhat
CWE-122
nessus
NVD
Published: 2018-07-16
Updated: 2023-02-13

Summary

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.

Vulnerable Configurations

Part Description Count
OS
Linux
1
OS
Canonical
2
OS
Redhat
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3752-2.NASL
    descriptionUSN-3752-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that, when attempting to handle an out-of-memory situation, a NULL pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1000200) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate xattr information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10840) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093) Jann Horn discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id112110
    published2018-08-24
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112110
    titleUbuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3752-2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3752-3.NASL
    descriptionIt was discovered that, when attempting to handle an out-of-memory situation, a NULL pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1000200) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate xattr information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10840) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093) Jann Horn discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id112189
    published2018-08-30
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112189
    titleUbuntu 16.04 LTS / 18.04 LTS : linux-azure, linux-oem, linux-gcp vulnerabilities (USN-3752-3)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-0162.NASL
    descriptionAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * kernel: Heap-based buffer overflow in fs/ext4/xattr.c:ext4_xattr_set_entry () with crafted ext4 image (CVE-2018-10840) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : These updated kernel-alt packages include also numerous bug fixes and enhancements. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https:// access.redhat.com/articles/3824202
    last seen2020-03-18
    modified2019-01-30
    plugin id121448
    published2019-01-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121448
    titleRHEL 7 : kernel-alt (RHSA-2019:0162)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-9D0E4E40B5.NASL
    descriptionThe v4.16.12 update contains important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-05-30
    plugin id110210
    published2018-05-30
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110210
    titleFedora 27 : kernel (2018-9d0e4e40b5)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3752-1.NASL
    descriptionIt was discovered that, when attempting to handle an out-of-memory situation, a NULL pointer dereference could be triggered in the Linux kernel in some circumstances. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-1000200) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate xattr information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10840) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093) Jann Horn discovered that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id112109
    published2018-08-24
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112109
    titleUbuntu 18.04 LTS : linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities (USN-3752-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-537C8312FC.NASL
    descriptionThe v4.16.12 update contains important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120428
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120428
    titleFedora 28 : kernel (2018-537c8312fc)

Redhat

advisories
rhsa
idRHSA-2019:0162
rpms
  • kernel-0:4.14.0-115.5.1.el7a
  • kernel-abi-whitelists-0:4.14.0-115.5.1.el7a
  • kernel-bootwrapper-0:4.14.0-115.5.1.el7a
  • kernel-debug-0:4.14.0-115.5.1.el7a
  • kernel-debug-debuginfo-0:4.14.0-115.5.1.el7a
  • kernel-debug-devel-0:4.14.0-115.5.1.el7a
  • kernel-debuginfo-0:4.14.0-115.5.1.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-115.5.1.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-115.5.1.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-115.5.1.el7a
  • kernel-devel-0:4.14.0-115.5.1.el7a
  • kernel-doc-0:4.14.0-115.5.1.el7a
  • kernel-headers-0:4.14.0-115.5.1.el7a
  • kernel-kdump-0:4.14.0-115.5.1.el7a
  • kernel-kdump-debuginfo-0:4.14.0-115.5.1.el7a
  • kernel-kdump-devel-0:4.14.0-115.5.1.el7a
  • kernel-tools-0:4.14.0-115.5.1.el7a
  • kernel-tools-debuginfo-0:4.14.0-115.5.1.el7a
  • kernel-tools-libs-0:4.14.0-115.5.1.el7a
  • kernel-tools-libs-devel-0:4.14.0-115.5.1.el7a
  • perf-0:4.14.0-115.5.1.el7a
  • perf-debuginfo-0:4.14.0-115.5.1.el7a
  • python-perf-0:4.14.0-115.5.1.el7a
  • python-perf-debuginfo-0:4.14.0-115.5.1.el7a

References