{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-10-26T00:00:00", "descriptions": [{"lang": "en", "value": "In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-01T20:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-3848-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3848-2/"}, {"name": "USN-3847-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3847-1/"}, {"name": "USN-3847-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3847-2/"}, {"name": "USN-3849-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3849-1/"}, {"name": "USN-3849-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3849-2/"}, {"name": "USN-3848-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3848-1/"}, {"name": "USN-3847-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3847-3/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1105025"}, {"name": "105753", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105753"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199119"}, {"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"}, {"tags": ["x_refsource_MISC"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78f8e37099d3b34d473c"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c"}, {"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"}, {"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18690", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-3848-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3848-2/"}, {"name": "USN-3847-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3847-1/"}, {"name": "USN-3847-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3847-2/"}, {"name": "USN-3849-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3849-1/"}, {"name": "USN-3849-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3849-2/"}, {"name": "USN-3848-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3848-1/"}, {"name": "USN-3847-3", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3847-3/"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1105025", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1105025"}, {"name": "105753", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105753"}, {"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199119", "refsource": "MISC", "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199119"}, {"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78f8e37099d3b34d473c", "refsource": "MISC", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78f8e37099d3b34d473c"}, {"name": "https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c"}, {"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"}, {"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:16:00.371Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3848-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3848-2/"}, {"name": "USN-3847-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3847-1/"}, {"name": "USN-3847-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3847-2/"}, {"name": "USN-3849-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3849-1/"}, {"name": "USN-3849-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3849-2/"}, {"name": "USN-3848-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3848-1/"}, {"name": "USN-3847-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3847-3/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1105025"}, {"name": "105753", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105753"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199119"}, {"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78f8e37099d3b34d473c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c"}, {"name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"}, {"name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18690", "datePublished": "2018-10-26T18:00:00", "dateReserved": "2018-10-26T00:00:00", "dateUpdated": "2024-08-05T11:16:00.371Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0667D0B1-8AC7-46D8-BB4B-68157115D405", "versionEndExcluding": "4.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form."}, {"lang": "es", "value": "En el kernel de Linux en versiones anteriores a la 4.17, un atacante local que sea capaz de establecer atributos en un sistema de archivos xfs podr\u00eda hacer que este sistema de archivos no est\u00e9 operativo hasta el siguiente montaje desencadenando una condici\u00f3n de error no marcada. Esto se debe a que xfs_attr_shortform_addname en fs/xfs/libxfs/xfs_attr.c gestiona de manera incorrecta las operaciones ATTR_REPLACE con la conversi\u00f3n de un attr de forma corta a forma larga."}], "id": "CVE-2018-18690", "lastModified": "2024-11-21T03:56:22.760", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-26T18:29:00.227", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78f8e37099d3b34d473c"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105753"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199119"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1105025"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3847-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3847-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3847-3/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3848-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3848-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3849-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3849-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7b38460dc8e4eafba06c78f8e37099d3b34d473c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105753"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=199119"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1105025"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3847-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3847-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3847-3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3848-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3848-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3849-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3849-2/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:3096", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-957.rt56.910.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-10-30T00:00:00Z"}, {"advisory": "RHSA-2018:3083", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-957.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2018-10-30T00:00:00Z"}], "bugzilla": {"description": "kernel: filesystem corruption due to an unchecked error condition during an xfs attribute change", "id": "1643988", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643988"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-391", "details": ["In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form."], "name": "CVE-2018-18690", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2018-03-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-18690\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18690"], "threat_severity": "Moderate", "upstream_fix": "kernel 4.17-rc4"}