SB2018071209 - Denial of service in Linux Kernel
Published: July 12, 2018 Updated: July 13, 2018
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Divide by zero (CVE-ID: CVE-2018-13097)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists in the user_block_count() function in the Flash-Friendly File System (F2FS) component, as defined in the source code file fs/f2fs/super.c, due to a boundary error when mounting F2FS filesystems. A local attacker can access the system, mount an F2FS filesystem that supplies malicious input, trigger a divide-by-zero error and cause the affected software to terminate abnormally.
2) Out-of-bounds read (CVE-ID: CVE-2018-13096)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists in the build_sit_info() function in the Flash-Friendly File System (F2FS) component, as defined in the source code file fs/f2fs/super.c, due to a boundary error when mounting F2FS filesystems. A local attacker can access the system, mount an F2FS filesystem that supplies malicious input with an abnormal bitmap size, trigger an out-of-bounds memory read and cause the affected software to terminate abnormally.
3) Null pointer dereference (CVE-ID: CVE-2018-13093)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists in the lookup_slow() function in the Extended File System (XFS) component, as defined in the source code file fs/xfs/xfs_icache.c, due to a boundary error when mounting XFS filesystems. A local attacker can mount an XFS filesystem that supplies malicious input, trigger a NULL pointer dereference and cause the affected software to terminate abnormally.
4) Null pointer dereference (CVE-ID: CVE-2018-13094)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists due to a NULL pointer dereference in the fs/xfs/libxfs/xfs_attr_leaf.c source code file in the Extended File System (XFS) component when the xfs_da_shrink_inode() function is called with a NULL byte pointer. A local attacker can mount and perform operations on a crafted XFS image, trigger a NULL pointer dereference condition in the xfs_trans_binval() function and cause the service to crash.
5) Null pointer dereference (CVE-ID: CVE-2018-13095)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists in the xfs_bmap_extents_to_btree() function in the Extended File System (XFS) component, as defined in the source code file fs/xfs/libxfs/xfs_inode_buf.c, due to a boundary error when mounting XFS filesystems. A local attacker can access the system, mount an XFS filesystem that supplies malicious input, trigger a NULL pointer dereference and cause the affected software to terminate abnormally.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.