Bugzilla – Bug 1094669
VUL-0: CVE-2018-10840 kernel: Heap-based buffer overflow in fs/ext4/xattr.c:ext4_xattr_set_entry() with crafted ext4 image
Last modified: 2020-06-16 22:09:10 UTC
rh#1582346

The Linux kernel through version 4.17 is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.

Fix: https://bugzilla.kernel.org/attachment.cgi?id=276147&action=diff

Hard to judge for me if this affects us since dec214d00e0d7 changed the code, which we don't have. But I think it affects us.

References:
https://bugzilla.kernel.org/show_bug.cgi?id=199347
https://bugzilla.redhat.com/show_bug.cgi?id=1582346
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10840
I had a look and AFAICT the problem is not there before dec214d00e0d7 because before this commit we never use e_value_offs to determine whether the extended attribute has any data or not (we only use e_value_size). So the problem is not in any of our released kernels. Reassigning back to security team.
thx!
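The analysis above turns on two fields of the on-disk xattr entry, e_value_offs and e_value_size. As an added example (not kernel code and not part of this bug report), here is a consistency check of the kind an image validator could apply before trusting either field. The struct follows the ext4 xattr entry header in host byte order; check_entry, the verdict names and the sample entries are hypothetical, and treating "offset set while size is zero" as the inconsistency of interest is an assumption drawn from the comment.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* On-disk ext4 xattr entry header, shown in host byte order (the on-disk
 * fields are little-endian); the name bytes that follow are omitted. */
struct xattr_entry {
    uint8_t  e_name_len;
    uint8_t  e_name_index;
    uint16_t e_value_offs;  /* offset of the value inside its region */
    uint32_t e_value_inum;  /* inode holding the value, 0 if stored in place */
    uint32_t e_value_size;  /* value length in bytes */
    uint32_t e_hash;
};

enum xattr_verdict { XATTR_OK, XATTR_OFFS_WITHOUT_DATA, XATTR_OUT_OF_RANGE };

/* Hypothetical validator. region_len is the size in bytes of the block or
 * in-inode area that e_value_offs is relative to. */
enum xattr_verdict check_entry(const struct xattr_entry *e, size_t region_len)
{
    if (e->e_value_inum != 0)
        return XATTR_OK;                 /* value lives in another inode */
    if (e->e_value_size == 0)            /* size says "no data" ... */
        return e->e_value_offs ? XATTR_OFFS_WITHOUT_DATA : XATTR_OK;
    /* 64-bit sum so offs + size cannot wrap before the comparison */
    if ((uint64_t)e->e_value_offs + e->e_value_size > (uint64_t)region_len)
        return XATTR_OUT_OF_RANGE;
    return XATTR_OK;
}

/* Constructed sample entries, not taken from any real image. */
static const struct xattr_entry sample_ok       = { 4, 1, 4000, 0, 16, 0 };
static const struct xattr_entry sample_empty    = { 4, 1, 0,    0, 0,  0 };
static const struct xattr_entry sample_mismatch = { 4, 1, 4000, 0, 0,  0 };
static const struct xattr_entry sample_overrun  = { 4, 1, 4090, 0, 64, 0 };

int main(void)
{
    const struct xattr_entry *s[] = { &sample_ok, &sample_empty,
                                      &sample_mismatch, &sample_overrun };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("entry %zu: verdict %d\n", i, check_entry(s[i], 4096));
    return 0;
}
```

Code that decides "has data" from e_value_size alone and code that decides it from e_value_offs agree on every sample except sample_mismatch, which is the case the validator reports separately.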