Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1582358 - (CVE-2018-11412) CVE-2018-11412 kernel: out-of-bounds memcpy in fs/ext4/inline.c:ext4_read_inline_data() with crafted ext4 image
CVE-2018-11412 kernel: out-of-bounds memcpy in fs/ext4/inline.c:ext4_read_inl...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20180522,repor...
: Security
Depends On: 1582359 1583452 1582360
Blocks: 1582361
  Show dependency treegraph
 
Reported: 2018-05-24 21:14 EDT by Sam Fowler
Modified: 2018-08-28 18:44 EDT (History)
46 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
The fs/ext4/inline.c:ext4_read_inline_data() function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbound copy can cause memory corruption or possible privilege escalation.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Sam Fowler 2018-05-24 21:14:07 EDT 
The fs/ext4/inline.c:ext4_read_inline_data() function in the Linux kernel performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. The unbound copy can cause memory corruption or possible privilege escalation.

An upstream bug:

https://bugzilla.kernel.org/show_bug.cgi?id=199803

Upstream patches:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=117166efb1ee8f13c38f9e96b258f16d4923f888

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb9b5f01c33adebc31cbc236c02695f605b0e417
Comment 1 Sam Fowler 2018-05-24 21:14:36 EDT 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1582360]
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.