CVE-2018-10840

Опубликовано: 16 июл. 2018

Источник: ubuntu

Приоритет: low

CVSS2: 7.2

CVSS3: 6.6

Описание

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	released	4.15.0-33.36
cosmic	not-affected	4.17.0-6.7
devel	not-affected	4.18.0-10.11
esm-infra-legacy/trusty	not-affected
esm-infra/bionic	released	4.15.0-33.36
esm-infra/xenial	not-affected
precise/esm	not-affected
trusty	not-affected
trusty/esm	not-affected

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	released	4.15.0-1020.20
cosmic	not-affected	4.15.0-1020.20
devel	not-affected	4.18.0-1002.3
esm-infra-legacy/trusty	not-affected
esm-infra/bionic	released	4.15.0-1020.20
esm-infra/xenial	not-affected
precise/esm	DNE
trusty	not-affected
trusty/esm	not-affected

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	released	4.15.0-1022.23
cosmic	not-affected	4.18.0-1003.3
devel	not-affected	4.18.0-1003.3
esm-infra-legacy/trusty	not-affected	4.15.0-1023.24~14.04.1
esm-infra/bionic	released	4.15.0-1022.23
esm-infra/xenial	released	4.15.0-1022.22~16.04.1
precise/esm	DNE
trusty	not-affected	4.15.0-1023.24~14.04.1
trusty/esm	not-affected	4.15.0-1023.24~14.04.1

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	not-affected	4.18.0-1003.3~18.04.1
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	4.18.0-1003.3~18.04.1
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.18~rc1

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
esm-apps/xenial	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.18~rc1

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
esm-apps/xenial	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [abandoned]
upstream	released	4.18~rc1

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	released	4.15.0-1018.19
cosmic	not-affected	4.15.0-1018.19
devel	not-affected	4.18.0-1002.3
esm-infra-legacy/trusty	DNE
esm-infra/bionic	released	4.15.0-1018.19
esm-infra/xenial	released	4.15.0-1018.19~16.04.2
precise/esm	DNE
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.18~rc1
xenial	ignored	end of standard support, was needs-triage

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
esm-apps/xenial	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [abandoned]
upstream	released	4.18~rc1

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [abandoned]
upstream	released	4.18~rc1
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	not-affected
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected
esm-infra/xenial	released	4.15.0-33.36~16.04.1
precise/esm	DNE
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	not-affected	4.18.0-11.12~18.04.1
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	4.18.0-11.12~18.04.1
esm-infra/xenial	released	4.15.0-33.36~16.04.1
precise/esm	DNE
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	released	4.15.0-1020.20
cosmic	not-affected	4.15.0-1020.20
devel	not-affected	4.18.0-1003.3
esm-infra-legacy/trusty	DNE
esm-infra/bionic	released	4.15.0-1020.20
esm-infra/xenial	not-affected
precise/esm	DNE
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	not-affected
trusty	DNE
trusty/esm	DNE
upstream	released	4.18~rc1
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [end of standard support]
upstream	released	4.18~rc1
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [end of standard support]
upstream	released	4.18~rc1
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [end of standard support]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [end of standard support]
upstream	released	4.18~rc1
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	not-affected
precise/esm	DNE
trusty	not-affected
trusty/esm	not-affected
upstream	released	4.18~rc1
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [abandoned]
upstream	released	4.18~rc1
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
esm-apps/xenial	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [abandoned]
upstream	released	4.18~rc1

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [abandoned]]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was ignored [abandoned]
upstream	released	4.18~rc1
xenial	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	released	4.15.0-1017.20
cosmic	not-affected	4.15.0-1017.20
devel	not-affected	4.15.0-1021.24
esm-infra-legacy/trusty	DNE
esm-infra/bionic	released	4.15.0-1017.20
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.18~rc1

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	released	4.15.0-1021.23
cosmic	not-affected	4.15.0-1021.23
devel	not-affected	4.18.0-1005.7
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.18~rc1
xenial	not-affected

Показывать по

Релиз	Статус	Примечание
artful	not-affected
bionic	not-affected
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	released	4.18~rc1
xenial	not-affected

Показывать по

Ссылки на источники

7.2 High

CVSS2

6.6 Medium

CVSS3

Связанные уязвимости

CVE-2018-10840

CVSS3: 5.2

redhat

почти 8 лет назад

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.

CVE-2018-10840

CVSS3: 6.6

nvd

больше 7 лет назад

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.

CVE-2018-10840

CVSS3: 6.6

debian

больше 7 лет назад

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/e ...

GHSA-mq9x-53x3-39h5

CVSS3: 6.6

github

больше 3 лет назад

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.

BDU:2019-02397

CVSS3: 6.6

fstec

больше 7 лет назад

Уязвимость функции ext4_xattr_set_entry ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код с повышенными привилегиями или вызвать отказ в обслуживании

7.2 High

CVSS2

6.6 Medium

CVSS3

CVE-2018-10840

Описание

Пакет linux

Пакет linux-aws

Пакет linux-azure

Пакет linux-azure-edge

Пакет linux-euclid

Пакет linux-flo

Пакет linux-gcp

Пакет linux-gke

Пакет linux-goldfish

Пакет linux-grouper

Пакет linux-hwe

Пакет linux-hwe-edge

Пакет linux-kvm

Пакет linux-lts-trusty

Пакет linux-lts-utopic

Пакет linux-lts-vivid

Пакет linux-lts-wily

Пакет linux-lts-xenial

Пакет linux-maguro

Пакет linux-mako

Пакет linux-manta

Пакет linux-oem

Пакет linux-raspi2

Пакет linux-snapdragon

Ссылки на источники

Связанные уязвимости