CVE-2018-11412 - OpenCVE

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Linux	Linux Kernel
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
kernel-alt-0:4.14.0-115.6.1.el7a	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:0525	2019-03-13T00:00:00Z

References

Link	Providers
http://www.securityfocus.com/bid/104291
https://access.redhat.com/errata/RHSA-2019:0525
https://bugs.chromium.org/p/project-zero/issues/detail?id=1580
https://bugzilla.kernel.org/show_bug.cgi?id=199803
https://nvd.nist.gov/vuln/detail/CVE-2018-11412
https://usn.ubuntu.com/3752-1/
https://usn.ubuntu.com/3752-2/
https://usn.ubuntu.com/3752-3/
https://www.cve.org/CVERecord?id=CVE-2018-11412
https://www.exploit-db.com/exploits/44832/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-24T18:00:00

Updated: 2024-08-05T08:10:13.990Z

Reserved: 2018-05-24T00:00:00

Link: CVE-2018-11412

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-05-24T18:29:00.190

Modified: 2019-03-15T13:54:33.227

Link: CVE-2018-11412

Redhat

Severity : Moderate

Publid Date: 2018-05-22T00:00:00Z

Links: CVE-2018-11412 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-05-24T00:00:00", "descriptions": [{"lang": "en", "value": "In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-13T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3752-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3752-2/"}, {"name": "104291", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104291"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1580"}, {"name": "USN-3752-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3752-3/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199803"}, {"name": "44832", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/44832/"}, {"name": "RHSA-2019:0525", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:0525"}, {"name": "USN-3752-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3752-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11412", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3752-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-2/"}, {"name": "104291", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104291"}, {"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1580", "refsource": "MISC", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1580"}, {"name": "USN-3752-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-3/"}, {"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199803", "refsource": "MISC", "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199803"}, {"name": "44832", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44832/"}, {"name": "RHSA-2019:0525", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0525"}, {"name": "USN-3752-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3752-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:10:13.990Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3752-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3752-2/"}, {"name": "104291", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104291"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1580"}, {"name": "USN-3752-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3752-3/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199803"}, {"name": "44832", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/44832/"}, {"name": "RHSA-2019:0525", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:0525"}, {"name": "USN-3752-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3752-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11412", "datePublished": "2018-05-24T18:00:00", "dateReserved": "2018-05-24T00:00:00", "dateUpdated": "2024-08-05T08:10:13.990Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FC83B91-4D73-4114-AD0B-9A7EC1F4BF60", "versionEndIncluding": "4.16.11", "versionStartIncluding": "4.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode."}, {"lang": "es", "value": "En el kernel de Linux de la versi\u00f3n 4.13 hasta la 4.16.11, ext4_read_inline_data() en fs/ext4/inline.c realiza un memcpy con un valor de longitud no fiable en ciertas circunstancias que implica un sistema de archivos manipulado que almacena el valor de atributo extendido system.data en un nodo dedicado."}], "id": "CVE-2018-11412", "lastModified": "2019-03-15T13:54:33.227", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-24T18:29:00.190", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104291"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:0525"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1580"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199803"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3752-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3752-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3752-3/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/44832/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:0525", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-115.6.1.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-03-13T00:00:00Z"}], "bugzilla": {"description": "kernel: out-of-bounds memcpy in fs/ext4/inline.c:ext4_read_inline_data() with crafted ext4 image", "id": "1582358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1582358"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.8", "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-805", "details": ["In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.", "The fs/ext4/inline.c:ext4_read_inline_data() function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbound copy can cause memory corruption or possible privilege escalation."], "name": "CVE-2018-11412", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2018-05-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-11412\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11412"], "threat_severity": "Moderate"}