Bug 1090749 - (CVE-2018-10322) VUL-0: CVE-2018-10322: kernel-source: The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference)
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/204778/
CVSSv3.1:SUSE:CVE-2018-10322:4.6:(AV...
Reported: 2018-04-24 15:46 UTC by Marcus Meissner
Modified: 2021-11-02 12:45 UTC
Found By: Security Response Team

Attachments
poc.c (3.18 KB, text/x-csrc)
2018-04-24 15:47 UTC, Marcus Meissner

Description Marcus Meissner 2018-04-24 15:46:34 UTC
CVE-2018-10322

The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux
kernel through 4.16.3 allows local users to cause a denial of service
(xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10322
https://www.spinics.net/lists/linux-xfs/msg17215.html
https://bugzilla.kernel.org/show_bug.cgi?id=199377
Comment 1 Marcus Meissner 2018-04-24 15:47:27 UTC
Created attachment 768143
poc.c

reproducer
Comment 3 Marcus Meissner 2018-05-30 13:11:15 UTC
mainline commit id b42db0860e13067fcc7cbfba3966c9e652668bbc
I think.
Comment 4 Luis Chamberlain 2018-06-01 17:44:53 UTC
(In reply to Marcus Meissner from comment #0)
> CVE-2018-10322
> 
> The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux
> kernel through 4.16.3 allows ...

I confirmed that poc is not effective on SLE12-SP2, SLE12-SP3, SLE15, and as such the only branch affected is the stable branch.

I pushed the fix to:

  * users/lurodriguez/stable/for-next

This is the only applicable branch.
Comment 5 Marcus Meissner 2018-06-02 07:55:44 UTC
done!