SB2018042603 - Denial of service in Linux Kernel

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2018-10323)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the xfs_bmap_extents_to_btree function in the fs/xfs/libxfs/xfs_bmap.c source code file due to NULL pointer dereference when handling Extended File System (XFS) images. A local attacker can mount a specially crafted XFS filesystem image when filesystem operations are executed on the mounted image and cause the service to crash.

2) NULL pointer dereference (CVE-ID: CVE-2018-10322)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the xfs_dinode_verify function in the xfs/xfs/libxfs/xfs_inode_buf.c source code file due to NULL pointer dereference when handling Extended File System (XFS) images. A local attacker can mount a specially crafted XFS filesystem image when filesystem operations are executed on the mounted image and cause the service to crash.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• https://bugzilla.kernel.org/show_bug.cgi?id=199423
• https://bugzilla.kernel.org/show_bug.cgi?id=199377