USN-3676-1

Advisory lineage Upstream: 8 Downstream: 0
Published: 11 Jun 2018, 22:44
Last modified:22 Apr 2026, 09:46

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

11 Jun 2018, 22:44
Published
Vulnerability first disclosed
22 Apr 2026, 09:46
Last Modified
Vulnerability information updated

Description

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1092, CVE-2018-1093) It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940) It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2018-8087)

Affected Systems

  • ubuntulinux

    < 4.4.0-128.154

  • ubuntulinux-aws

    < 4.4.0-1061.70

  • ubuntulinux-kvm

    < 4.4.0-1027.32

  • ubuntulinux-raspi2

    < 4.4.0-1091.99

  • ubuntulinux-snapdragon

    < 4.4.0-1094.99

References (5)