UBUNTU-CVE-2018-13093
Vulnerability Summary
Timeline
Description
An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation.
CVSS Metrics
- v3.0•MEDIUM•Score: 5.5CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Systems
- ubuntu•linux
all | < 4.4.0-201.233 | < 4.15.0-58.64
- ubuntu•linux-aws
< 4.4.0-1085.89 | < 4.4.0-1121.135 | < 4.15.0-1047.49
- ubuntu•linux-aws-fips
< 4.15.0-2018.18 | all
- ubuntu•linux-aws-hwe
< 4.15.0-1047.49~16.04.1
- ubuntu•linux-azure
< 4.15.0-1059.64~14.04.1 | < 4.15.0-1055.60 | < 4.18.0-1011.11~18.04.1
- ubuntu•linux-azure-fde
all
- ubuntu•linux-azure-fips
< 4.15.0-2006.7 | all
- ubuntu•linux-bluefield
all
- ubuntu•linux-fips
< 4.4.0-1055.61 | all
- ubuntu•linux-gcp
< 4.15.0-1040.42~16.04.1 | < 4.15.0-1040.42
- ubuntu•linux-gcp-fips
all
- ubuntu•linux-gke-4.15
< 4.15.0-1040.42
- ubuntu•linux-hwe
< 4.15.0-58.64~16.04.1
- ubuntu•linux-intel-iot-realtime
all
- ubuntu•linux-kvm
< 4.4.0-1087.96 | < 4.15.0-1042.42
- ubuntu•linux-lts-xenial
< 4.4.0-201.233~14.04.1
- ubuntu•linux-nvidia
all
- ubuntu•linux-oem
< 4.15.0-1050.57
- ubuntu•linux-oracle
< 4.15.0-1021.23~16.04.1 | < 4.15.0-1021.23
- ubuntu•linux-raspi-realtime
all
- ubuntu•linux-raspi2
< 4.4.0-1145.155 | < 4.15.0-1043.46
- ubuntu•linux-realtime
all
- ubuntu•linux-riscv
all
- ubuntu•linux-snapdragon
< 4.4.0-1149.159 | < 4.15.0-1060.66
References (9)
- https://ubuntu.com/security/CVE-2018-13093
- https://bugzilla.kernel.org/show_bug.cgi?id=199367
- https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=afca6c5b2595fc44383919fba740c194b0b76aff
- https://github.com/torvalds/linux/commit/afca6c5b2595fc44383919fba740c194b0b76aff
- https://ubuntu.com/security/notices/USN-4094-1
- https://ubuntu.com/security/notices/USN-4118-1
- https://ubuntu.com/security/notices/USN-4709-1
- https://ubuntu.com/security/notices/USN-4708-1
- https://www.cve.org/CVERecord?id=CVE-2018-13093