CVE-2018-13093

Опубликовано: 12 апр. 2018

Источник: redhat

CVSS3: 5

EPSS Низкий

Описание

An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation.

An issue was discovered in the XFS filesystem in fs/xfs/xfs_icache.c in the Linux kernel. There is a NULL pointer dereference leading to a system panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during an allocation.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Fix deferred
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Fix deferred
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2019:2043	07.08.2019
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2019:2029	06.08.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1597766kernel: NULL pointer dereference in lookup_slow function

EPSS

Процентиль: 32%

0.00124

Низкий

5 Medium

CVSS3

Связанные уязвимости

CVE-2018-13093

CVSS3: 5.5

ubuntu

около 7 лет назад

CVE-2018-13093

CVSS3: 5.5

nvd

около 7 лет назад

CVE-2018-13093

CVSS3: 5.5

debian

около 7 лет назад

An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel thr ...

GHSA-rhjq-jcf3-f32g

CVSS3: 5.5

github

около 3 лет назад

SUSE-SU-2018:2862-1

suse-cvrf

почти 7 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 32%

0.00124

Низкий

5 Medium

CVSS3