CVE-2018-12233: Buffer Overflow
First published: Tue Jun 12 2018(Updated: )
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <=4.17.1 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Linux Linux kernel | >=2.6.12<3.16.58 | |
| Linux Linux kernel | >=3.17<3.18.118 | |
| Linux Linux kernel | >=3.19<4.4.147 | |
| Linux Linux kernel | >=4.5<4.9.119 | |
| Linux Linux kernel | >=4.10<4.14.62 | |
| Linux Linux kernel | >=4.15<4.17.14 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/104452
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://lkml.org/lkml/2018/6/2/2
- https://marc.info/?l=linux-kernel&m=152814391530549&w=2
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://usn.ubuntu.com/3753-1/
- https://usn.ubuntu.com/3753-2/
- https://usn.ubuntu.com/3754-1/
- https://marc.info/?l=linux-kernel&m=152814391530549&w=2
- https://launchpad.net/bugs/cve/CVE-2018-12233
- https://security-tracker.debian.org/tracker/CVE-2018-12233
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12233
- https://nvd.nist.gov/vuln/detail/CVE-2018-12233
- https://ubuntu.com/security/CVE-2018-12233
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2018-12233.
What is the title of this vulnerability?
The title of this vulnerability is 'In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1 a memory corruption bug.'
How can this vulnerability be triggered?
This vulnerability can be triggered by calling setxattr twice with two different extended attribute names on the same file.
Who can trigger this vulnerability?
This vulnerability can be triggered by an unprivileged user with the ability to create files and set extended attributes.
What is the severity level of this vulnerability?
The severity level of this vulnerability is not specified.
- collector/nvd-index
- agent/type
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/first-publish-date
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/nvd-cve
- agent/last-modified-date
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.17.1
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/linux linux kernel/2.6.12
- version/linux linux kernel/3.17
- version/linux linux kernel/3.19
- version/linux linux kernel/4.5
- version/linux linux kernel/4.10
- version/linux linux kernel/4.15
- package-manager/debian