First Last Prev Next    This bug is not in your last search results.
Bug 1087095 - (CVE-2018-1093) VUL-1: CVE-2018-1093: kernel-source: Out of bounds read in ext4/balloc.c:ext4_valid_block_bitmap() causes crash with crafted ext4 image
(CVE-2018-1093)
VUL-1: CVE-2018-1093: kernel-source: Out of bounds read in ext4/balloc.c:ext4...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/202737/
CVSSv3:SUSE:CVE-2018-1093:4.4:(AV:L/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-03-27 13:36 UTC by Marcus Meissner
Modified: 2019-08-28 09:03 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
230.img (2.00 MB, application/octet-stream)
2018-03-27 13:40 UTC, Marcus Meissner 		Details
poc.c (3.18 KB, text/plain)
2018-03-27 13:41 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-03-27 13:36:39 UTC 
rh#1560782

The Linux kernel through version 4.15 is vulnerable to an out-of-bounds read in ext4/balloc.c:ext4_valid_block_bitmap() function. An privileged attacker could exploit this by mounting a crafted ext4 image to cause a crash.


Upstream Bug:

https://bugzilla.kernel.org/show_bug.cgi?id=199181

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1560782
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1093
Comment 1 Marcus Meissner 2018-03-27 13:40:45 UTC 
Created attachment 765105 [details]
230.img

QA REPRODUCER img:

230.img
Comment 2 Marcus Meissner 2018-03-27 13:41:17 UTC 
Created attachment 765108 [details]
poc.c

QA REPRODUCER:

# mkdir mnt
# mount -t ext4 230.img mnt
# gcc -o poc poc.c
# ./poc mnt
Comment 4 Jan Kara 2018-05-17 13:07:05 UTC 
OK, respective upstream commits are 7dac4a1726a9 and a followup fixup 22be37acce25. Backporting...
Comment 5 Jan Kara 2018-05-23 14:30:14 UTC 
Pushed out fixes to SLE15-UPDATE, SLE12-SP3 has it from stable - just updated tags, SLE12-SP2-LTSS, cve/linux-3.12. I didn't backport the fix to 3.0-based kernels as we support ext4 there in read-only mode for migration purposes only and this bug doesn't look serious enough to warrant a backport there.

All is done from my side, reassigning to security team.
Comment 6 Swamp Workflow Management 2018-06-20 13:12:01 UTC 
SUSE-SU-2018:1761-1: An update that solves 10 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1038553,1046610,1079152,1082962,1083382,1083900,1087007,1087012,1087082,1087086,1087095,1092813,1092904,1094033,1094353,1094823,1096140,1096242,1096281,1096480,1096728,1097356
CVE References: CVE-2017-13305,CVE-2018-1000204,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1130,CVE-2018-3665,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.96.1, kernel-source-3.12.74-60.64.96.1, kernel-syms-3.12.74-60.64.96.1, kernel-xen-3.12.74-60.64.96.1, kgraft-patch-SLE12-SP1_Update_29-1-2.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.96.1, kernel-source-3.12.74-60.64.96.1, kernel-syms-3.12.74-60.64.96.1, kernel-xen-3.12.74-60.64.96.1, kgraft-patch-SLE12-SP1_Update_29-1-2.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.96.1
Comment 7 Swamp Workflow Management 2018-06-20 13:16:34 UTC 
SUSE-SU-2018:1762-1: An update that solves 10 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1046610,1079152,1082962,1083900,1087007,1087012,1087082,1087086,1087095,1092552,1092813,1092904,1094033,1094353,1094823,1096140,1096242,1096281,1096480,1096728,1097356
CVE References: CVE-2017-13305,CVE-2018-1000204,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1130,CVE-2018-3665,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.136.1, kernel-source-3.12.61-52.136.1, kernel-syms-3.12.61-52.136.1, kernel-xen-3.12.61-52.136.1, kgraft-patch-SLE12_Update_36-1-1.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.136.1
Comment 8 Swamp Workflow Management 2018-06-21 16:25:47 UTC 
openSUSE-SU-2018:1773-1: An update that solves 11 vulnerabilities and has 66 fixes is now available.

Category: security (important)
Bug References: 1012382,1019695,1019699,1022604,1022607,1022743,1024718,1031492,1031717,1035432,1036215,1041740,1045330,1056415,1066223,1068032,1068054,1068951,1070404,1073311,1075428,1076049,1078583,1079152,1080542,1080656,1081500,1081514,1082153,1082504,1082979,1085308,1086400,1086716,1087007,1087012,1087036,1087082,1087086,1087095,1088871,1090435,1090534,1090734,1090955,1091594,1091815,1092552,1092813,1092903,1093533,1093904,1094177,1094268,1094353,1094356,1094405,1094466,1094532,1094823,1094840,1095042,1095147,1096037,1096140,1096214,1096242,1096281,1096751,1096982,1097234,1097356,1098009,1098012,971975,973378,978907
CVE References: CVE-2017-13305,CVE-2017-17741,CVE-2017-18241,CVE-2017-18249,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-12233,CVE-2018-3639,CVE-2018-3665,CVE-2018-5848
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.138-59.1, kernel-default-4.4.138-59.1, kernel-docs-4.4.138-59.1, kernel-obs-build-4.4.138-59.1, kernel-obs-qa-4.4.138-59.1, kernel-source-4.4.138-59.1, kernel-syms-4.4.138-59.1, kernel-vanilla-4.4.138-59.1
Comment 11 Swamp Workflow Management 2018-06-26 16:19:58 UTC 
SUSE-SU-2018:1816-1: An update that solves 17 vulnerabilities and has 109 fixes is now available.

Category: security (important)
Bug References: 1009062,1012382,1019695,1019699,1022604,1022607,1022743,1024718,1031717,1035432,1036215,1041740,1043598,1044596,1045330,1056415,1056427,1060799,1066223,1068032,1068054,1068951,1070404,1073059,1073311,1075087,1075428,1076049,1076263,1076805,1078583,1079152,1080157,1080542,1080656,1081500,1081514,1081599,1082153,1082299,1082485,1082504,1082962,1082979,1083635,1083650,1083900,1084721,1085185,1085308,1086400,1086716,1087007,1087012,1087036,1087082,1087086,1087095,1088810,1088871,1089023,1089115,1089393,1089895,1090225,1090435,1090534,1090643,1090658,1090663,1090708,1090718,1090734,1090953,1090955,1091041,1091325,1091594,1091728,1091960,1092289,1092497,1092552,1092566,1092772,1092813,1092888,1092904,1092975,1093008,1093035,1093144,1093215,1093533,1093904,1093990,1094019,1094033,1094059,1094177,1094268,1094353,1094356,1094405,1094466,1094532,1094823,1094840,1095042,1095147,1096037,1096140,1096214,1096242,1096281,1096751,1096982,1097234,1097356,1098009,1098012,919144,971975,973378,978907,993388
CVE References: CVE-2017-13305,CVE-2017-17741,CVE-2017-18241,CVE-2017-18249,CVE-2018-1000199,CVE-2018-1065,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1130,CVE-2018-12233,CVE-2018-3639,CVE-2018-3665,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492,CVE-2018-8781
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP3 (src):    kernel-rt-4.4.138-3.14.1, kernel-rt_debug-4.4.138-3.14.1, kernel-source-rt-4.4.138-3.14.1, kernel-syms-rt-4.4.138-3.14.1
Comment 12 Swamp Workflow Management 2018-06-29 19:18:08 UTC 
SUSE-SU-2018:1855-1: An update that solves 14 vulnerabilities and has 15 fixes is now available.

Category: security (important)
Bug References: 1068032,1079152,1082962,1083650,1083900,1085185,1086400,1087007,1087012,1087036,1087086,1087095,1089895,1090534,1090955,1092497,1092552,1092813,1092904,1094033,1094353,1094823,1095042,1096140,1096242,1096281,1096728,1097356,973378
CVE References: CVE-2017-13305,CVE-2017-18241,CVE-2017-18249,CVE-2018-1000199,CVE-2018-1000204,CVE-2018-1065,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1130,CVE-2018-3665,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.85.1, kernel-source-4.4.121-92.85.1, kernel-syms-4.4.121-92.85.1, kgraft-patch-SLE12-SP2_Update_23-1-3.5.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.85.1, kernel-source-4.4.121-92.85.1, kernel-syms-4.4.121-92.85.1, kgraft-patch-SLE12-SP2_Update_23-1-3.5.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.85.1, kernel-source-4.4.121-92.85.1, kernel-syms-4.4.121-92.85.1, kgraft-patch-SLE12-SP2_Update_23-1-3.5.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.85.1, kernel-source-4.4.121-92.85.1, kernel-syms-4.4.121-92.85.1, kgraft-patch-SLE12-SP2_Update_23-1-3.5.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.121-92.85.1
Comment 18 Swamp Workflow Management 2018-07-18 06:10:35 UTC 
This is an autogenerated message for OBS integration:
This bug (1087095) was mentioned in
https://build.opensuse.org/request/show/623532 15.0 / kernel-source
Comment 19 Swamp Workflow Management 2018-10-18 16:46:37 UTC 
SUSE-SU-2018:1855-2: An update that solves 14 vulnerabilities and has 15 fixes is now available.

Category: security (important)
Bug References: 1068032,1079152,1082962,1083650,1083900,1085185,1086400,1087007,1087012,1087036,1087086,1087095,1089895,1090534,1090955,1092497,1092552,1092813,1092904,1094033,1094353,1094823,1095042,1096140,1096242,1096281,1096728,1097356,973378
CVE References: CVE-2017-13305,CVE-2017-18241,CVE-2017-18249,CVE-2018-1000199,CVE-2018-1000204,CVE-2018-1065,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1130,CVE-2018-3665,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.85.1, kernel-source-4.4.121-92.85.1, kernel-syms-4.4.121-92.85.1, kgraft-patch-SLE12-SP2_Update_23-1-3.5.1
Comment 20 Marcus Meissner 2019-07-11 05:44:05 UTC 
all done
First Last Prev Next    This bug is not in your last search results.