The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.

CNA Affected

[
  {
    "product": "Linux kernel through version 4.15",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Linux kernel through version 4.15"
      }
    ]
  }
]

References

openwall.com/lists/oss-security/2018/03/29/1

access.redhat.com/errata/RHSA-2018:2948

access.redhat.com/errata/RHSA-2018:3083

access.redhat.com/errata/RHSA-2018:3096

bugzilla.kernel.org/show_bug.cgi?id=199179

bugzilla.kernel.org/show_bug.cgi?id=199275

bugzilla.redhat.com/show_bug.cgi?id=1560777

git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44

lists.debian.org/debian-lts-announce/2018/05/msg00000.html

usn.ubuntu.com/3676-1/

usn.ubuntu.com/3676-2/

usn.ubuntu.com/3677-1/

usn.ubuntu.com/3677-2/

usn.ubuntu.com/3678-1/

usn.ubuntu.com/3678-2/

usn.ubuntu.com/3678-3/

usn.ubuntu.com/3678-4/

usn.ubuntu.com/3754-1/

www.debian.org/security/2018/dsa-4187

www.debian.org/security/2018/dsa-4188

redhatcve 1

veracode 1

ubuntucve 1

altlinux 1

cve 1

prion 1

nvd 1

debiancve 1

slackware 1

openvas 28

nessus 44

ubuntu 9

photon 4

cloudfoundry 1

oraclelinux 4

mageia 3

ibm 3

suse 2

debian 5

osv 3

redhat 3

centos 1

lenovo 1

redhatcve

CVE-2018-1092

2019-11-08 09:33:29

veracode

Denial Of Service (DoS)

2019-05-16 03:18:35

ubuntucve

CVE-2018-1092

2018-04-01 00:00:00

altlinux

Security fix for the ALT Linux 8 package kernel-image-std-pae version 1:4.4.129-alt0.M80P.1

2018-04-26 00:00:00

cve

CVE-2018-1092

2018-04-02 03:29:00

prion

Null pointer dereference

2018-04-02 03:29:00

nvd

CVE-2018-1092

2018-04-02 03:29:00

debiancve

CVE-2018-1092

2018-04-02 03:29:00

slackware

[slackware-security] Slackware 14.2 kernel

2018-05-23 06:37:00

openvas

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1229)

2020-01-23 00:00:00

Slackware: Security Advisory (SSA:2018-142-01)

2022-04-21 00:00:00

Ubuntu: Security Advisory (USN-3678-2)

2018-06-12 00:00:00

nessus

EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1229)

2019-04-04 00:00:00

Photon OS 2.0: Linux PHSA-2018-2.0-0041

2019-02-07 00:00:00

Slackware 14.2 : Slackware 14.2 kernel (SSA:2018-142-01)

2018-05-23 00:00:00

ubuntu

Linux kernel (Azure) vulnerabilities

2018-06-12 00:00:00

Linux kernel vulnerabilities

2018-06-12 00:00:00

Linux kernel (Raspberry Pi 2) vulnerabilities

2018-06-15 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0041

2018-05-03 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0132

2018-05-03 00:00:00

Important Photon OS Security Update - PHSA-2018-0041

2018-05-03 00:00:00

cloudfoundry

USN-3676-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

2018-06-20 00:00:00

oraclelinux

Unbreakable Enterprise kernel security update

2019-01-04 00:00:00

Unbreakable Enterprise kernel security update

2019-01-03 00:00:00

Unbreakable Enterprise kernel security update

2019-01-04 00:00:00

mageia

Updated kernel packages fix security vulnerabilities

2018-05-18 18:27:18

Updated kernel-tmb packages fix security vulnerabilities

2018-05-31 23:34:08

Updated kernel-linus packages fix security vulnerabilities

2018-05-31 23:34:08

ibm

Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

2018-09-26 19:00:02

Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities

2019-06-27 08:40:01

Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

2019-05-17 16:05:02

suse

Security update for the Linux Kernel (important)

2018-06-21 18:19:06

Security update for the Linux Kernel (important)

2018-07-28 15:17:43

debian

[SECURITY] [DSA 4188-1] linux security update

2018-05-01 17:12:08

[SECURITY] [DSA 4188-1] linux security update

2018-05-01 17:12:08

[SECURITY] [DLA 1369-1] linux security update

2018-05-02 20:58:29

osv

linux - security update

2018-04-30 00:00:00

linux - security update

2018-05-01 00:00:00

linux - security update

2018-05-01 00:00:00

redhat

(RHSA-2018:3096) Important: kernel-rt security, bug fix, and enhancement update

2018-10-30 04:18:28

(RHSA-2018:3083) Important: kernel security, bug fix, and enhancement update

2018-10-30 04:16:59

(RHSA-2018:2948) Important: kernel-alt security, bug fix, and enhancement update

2018-10-30 08:15:20

centos

bpftool, kernel, perf, python security update

2018-11-15 18:40:28

lenovo

AMI MegaRAC SP-X BMC Vulnerabilities - Lenovo Support US

2020-04-13 19:22:04

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%

JSON

Related for CVELIST:CVE-2018-1092