Bugzilla – Bug 1094669
VUL-0: CVE-2018-10840 kernel: Heap-based buffer overflow in fs/ext4/xattr.c:ext4_xattr_set_entry() with crafted ext4 image
Last modified: 2020-06-16 22:09:10 UTC
The Linux kernel through version 4.17 is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.
Hard to judge for me if this affects us since dec214d00e0d7 changed the code, which we don't have. But I think it affects us.
I had a look and AFAICT the problem is not there before dec214d00e0d7 because before this commit we never use e_value_offs to determine whether the extended attribute has any data or not (we only use e_value_size). So the problem is not in any of our released kernels.
Reassigning back to security team.
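The mismatch between e_value_offs and e_value_size discussed in the comments above, as an added example that is not part of the original bug report or the kernel's code: a small checker that flags an on-disk xattr entry whose e_value_offs is non-zero while e_value_size is zero, or whose value runs past its storage area. The byte offsets follow the layout of the kernel's struct ext4_xattr_entry; the function name, verdict enum and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Byte offsets inside the 16-byte little-endian entry header (name follows). */
enum { XE_NAME_LEN = 0, XE_VALUE_OFFS = 2, XE_VALUE_INUM = 4,
       XE_VALUE_SIZE = 8, XE_HDR = 16 };

enum xe_verdict { XE_OK, XE_TRUNCATED, XE_OFFS_WITHOUT_DATA, XE_VALUE_OUT_OF_RANGE };

static uint32_t le16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t le32(const uint8_t *p) { return le16(p) | le16(p + 2) << 16; }

/* Hypothetical checker. ent: one entry; avail: bytes readable at ent;
 * region: size of the area that e_value_offs is relative to. */
enum xe_verdict xe_check(const uint8_t *ent, size_t avail, size_t region)
{
    if (avail < XE_HDR || avail - XE_HDR < ent[XE_NAME_LEN])
        return XE_TRUNCATED;

    uint32_t offs = le16(ent + XE_VALUE_OFFS);
    uint32_t inum = le32(ent + XE_VALUE_INUM);
    uint32_t size = le32(ent + XE_VALUE_SIZE);

    /* The two fields disagree on whether the attribute has a value. */
    if (size == 0 && offs != 0)
        return XE_OFFS_WITHOUT_DATA;
    /* A value stored in this area (not in a separate inode) must fit in it. */
    if (inum == 0 && size != 0 && (offs > region || size > region - offs))
        return XE_VALUE_OUT_OF_RANGE;
    return XE_OK;
}

/* Constructed sample entries (not from a real image): name "a", index 1. */
static const uint8_t xe_consistent[20] = {1,1, 0xE0,0x03, 0,0,0,0, 4,0,0,0, 0,0,0,0, 'a'};
static const uint8_t xe_mismatch[20]   = {1,1, 0xE0,0x03, 0,0,0,0, 0,0,0,0, 0,0,0,0, 'a'};
static const uint8_t xe_past_end[20]   = {1,1, 0xFE,0x03, 0,0,0,0, 8,0,0,0, 0,0,0,0, 'a'};

int main(void)
{
    printf("consistent: %d\n", xe_check(xe_consistent, sizeof xe_consistent, 1024));
    printf("mismatch:   %d\n", xe_check(xe_mismatch, sizeof xe_mismatch, 1024));
    printf("past end:   %d\n", xe_check(xe_past_end, sizeof xe_past_end, 1024));
    return 0;
}
```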