CVE-2018-13096
Publication date 3 July 2018
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.
From the Ubuntu Security Team
Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash).
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
18.04 LTS bionic |
Fixed 4.15.0-58.64
|
|
16.04 LTS xenial |
Fixed 4.4.0-139.165
|
|
14.04 LTS trusty | Ignored | |
linux-aws | ||
18.04 LTS bionic |
Fixed 4.15.0-1047.49
|
|
16.04 LTS xenial |
Fixed 4.4.0-1072.82
|
|
14.04 LTS trusty |
Fixed 4.4.0-1034.37
|
|
linux-aws-hwe | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial |
Fixed 4.15.0-1047.49~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-azure | ||
18.04 LTS bionic |
Fixed 4.18.0-1011.11~18.04.1
|
|
16.04 LTS xenial |
Fixed 4.15.0-1055.60
|
|
14.04 LTS trusty | Ignored | |
linux-azure-edge | ||
18.04 LTS bionic |
Fixed 4.18.0-1011.11~18.04.1
|
|
16.04 LTS xenial |
Fixed 4.15.0-1055.60
|
|
14.04 LTS trusty | Not in release | |
linux-euclid | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-flo | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-gcp | ||
18.04 LTS bionic |
Fixed 4.15.0-1040.42
|
|
16.04 LTS xenial |
Fixed 4.15.0-1040.42~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-gcp-edge | ||
18.04 LTS bionic |
Fixed 4.15.0-1040.42
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-gke-4.15 | ||
18.04 LTS bionic |
Fixed 4.15.0-1040.42
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke-5.0 | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-goldfish | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-grouper | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.15.0-58.64~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-edge | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 4.15.0-58.64~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-kvm | ||
18.04 LTS bionic |
Fixed 4.15.0-1042.42
|
|
16.04 LTS xenial |
Fixed 4.4.0-1037.43
|
|
14.04 LTS trusty | Not in release | |
linux-lts-trusty | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-utopic | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Ignored | |
linux-lts-vivid | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Ignored | |
linux-lts-wily | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Ignored | |
linux-lts-xenial | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 4.4.0-139.165~14.04.1
|
|
linux-maguro | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mako | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-manta | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-oem | ||
18.04 LTS bionic |
Fixed 4.15.0-1050.57
|
|
16.04 LTS xenial | Ignored | |
14.04 LTS trusty | Not in release | |
linux-oracle | ||
18.04 LTS bionic |
Fixed 4.15.0-1021.23
|
|
16.04 LTS xenial |
Fixed 4.15.0-1021.23~16.04.1
|
|
14.04 LTS trusty | Not in release | |
linux-raspi2 | ||
18.04 LTS bionic |
Fixed 4.15.0-1043.46
|
|
16.04 LTS xenial |
Fixed 4.4.0-1100.108
|
|
14.04 LTS trusty | Not in release | |
linux-snapdragon | ||
18.04 LTS bionic |
Fixed 4.15.0-1060.66
|
|
16.04 LTS xenial |
Fixed 4.4.0-1104.109
|
|
14.04 LTS trusty | Not in release |
Notes
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.5 · Medium |
Attack vector | Local |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3821-1
- Linux kernel vulnerabilities
- 14 November 2018
- USN-4118-1
- Linux kernel (AWS) vulnerabilities
- 2 September 2019
- USN-4094-1
- Linux kernel vulnerabilities
- 13 August 2019
- USN-3821-2
- Linux kernel (Xenial HWE) vulnerabilities
- 14 November 2018
Other references
- https://bugzilla.kernel.org/show_bug.cgi?id=200167
- https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=e335cc683fd13882b9152937b06ff3c16c28aa34
- https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=c77ec61ca0a49544ca81881cc5d5529858f7e196
- https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git/commit/?h=dev&id=c77ec61ca0a49544ca81881cc5d5529858f7e196
- https://www.cve.org/CVERecord?id=CVE-2018-13096