1090717 – (CVE-2018-10323) VUL-0: CVE-2018-10323: kernel-source: The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linuxkernel through 4.16.3 allows local users to cause a denial of service(xfs_bmapi_write NULL pointer dereference) via a cra

Bug 1090717 (CVE-2018-10323) - VUL-0: CVE-2018-10323: kernel-source: The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linuxkernel through 4.16.3 allows local users to cause a denial of service(xfs_bmapi_write NULL pointer dereference) via a cra

Summary: VUL-0: CVE-2018-10323: kernel-source: The xfs_bmap_extents_to_btree function ...

Status:	RESOLVED FIXED

Alias:	CVE-2018-10323

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/204779/
Whiteboard:	CVSSv3.1:SUSE:CVE-2018-10323:4.6:(AV...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2018-04-24 13:34 UTC by Marcus Meissner
Modified:	2024-06-25 13:47 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
poc.c (896 bytes, text/x-csrc) 2018-04-24 13:36 UTC, Marcus Meissner	Details
compressed image (23.02 KB, application/zip) 2018-04-24 16:18 UTC, Luis Chamberlain	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2018-04-24 13:34:58 UTC

CVE-2018-10323

The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux
kernel through 4.16.3 allows local users to cause a denial of service
(xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10323
https://www.spinics.net/lists/linux-xfs/msg17254.html
https://bugzilla.kernel.org/show_bug.cgi?id=199423

Comment 1 Marcus Meissner 2018-04-24 13:36:25 UTC

Created attachment 768118 [details]
poc.c

QA REPRODUCER:

poc.c created out of fuzzer run

Comment 2 Luis Chamberlain 2018-04-24 16:18:45 UTC

Created attachment 768145 [details]
compressed image

Needed for the poc as per kernel.org bugzilla

Comment 3 Luis Chamberlain 2018-04-24 16:30:48 UTC

Pushed to:

  o users/lurodriguez/master/for-next
  o users/lurodriguez/stable/for-next
  o users/lurodriguez/SLE15/for-next

I confirmed the BUG null pointer is not triggered with the poc on SLE12-SP3.

Comment 5 Marcus Meissner 2018-05-11 16:08:34 UTC

done then

Comment 6 Swamp Workflow Management 2018-07-28 13:41:33 UTC

openSUSE-SU-2018:2119-1: An update that solves 23 vulnerabilities and has 283 fixes is now available.

Category: security (important)
Bug References: 1022476,1046303,1046305,1046306,1046307,1046540,1046542,1046543,1048129,1050242,1050252,1050529,1050536,1050538,1050545,1050549,1050662,1051510,1052766,1055117,1055186,1055968,1056427,1056643,1056651,1056653,1056657,1056658,1056662,1056686,1056787,1058115,1058513,1058659,1058717,1059336,1060463,1061024,1061840,1062897,1064802,1065600,1065729,1066110,1066129,1068032,1068054,1068546,1071218,1071995,1072829,1072856,1073513,1073765,1073960,1074562,1074578,1074701,1074741,1074873,1074919,1074984,1075006,1075007,1075262,1075419,1075748,1075876,1076049,1076115,1076372,1076830,1077338,1078248,1078353,1079152,1079747,1080039,1080157,1080542,1081599,1082485,1082504,1082869,1082962,1083647,1083684,1083900,1084001,1084570,1084721,1085308,1085341,1085400,1085539,1085626,1085933,1085936,1085937,1085938,1085939,1085941,1086224,1086282,1086283,1086286,1086288,1086319,1086323,1086400,1086467,1086652,1086739,1087084,1087088,1087092,1087205,1087210,1087213,1087214,1087284,1087405,1087458,1087939,1087978,1088273,1088354,1088374,1088690,1088704,1088713,1088722,1088796,1088804,1088821,1088866,1088872,1089074,1089086,1089115,1089141,1089198,1089268,1089271,1089467,1089608,1089644,1089663,1089664,1089667,1089669,1089752,1089753,1089762,1089878,1089889,1089977,1090098,1090150,1090457,1090522,1090534,1090535,1090605,1090643,1090646,1090658,1090717,1090734,1090818,1090888,1090953,1091101,1091158,1091171,1091264,1091424,1091532,1091543,1091594,1091666,1091678,1091686,1091781,1091782,1091815,1091860,1091960,1092100,1092289,1092472,1092566,1092710,1092772,1092888,1092904,1092975,1093023,1093027,1093035,1093118,1093148,1093158,1093184,1093205,1093273,1093290,1093604,1093641,1093649,1093653,1093655,1093657,1093663,1093721,1093728,1093904,1093990,1094244,1094356,1094420,1094541,1094575,1094751,1094825,1094840,1094978,1095042,1095094,1095104,1095115,1095155,1095265,1095321,1095337,1095467,1095573,1095735,1095893,1096065,1096480,1096529,1096696,1096705,1096728,1096753,1096790,1096793,1097034,1097105,1097234,1097356,1097373,1097439,1097465,1097468,1097470,1097471,1097472,1097551,1097780,1097796,1097800,1097941,1097961,1098016,1098043,1098050,1098174,1098176,1098236,1098401,1098425,1098435,1098599,1098626,1098706,1098983,1098995,1099029,1099041,1099109,1099142,1099183,1099715,1099792,1099918,1099924,1099966,1100132,1100209,1100340,1100362,1100382,1100416,1100418,1100491,1100602,1100633,1100734,1100843,1101296,1101315,1101324,971975,975772
CVE References: CVE-2017-5715,CVE-2017-5753,CVE-2018-1000200,CVE-2018-1000204,CVE-2018-10087,CVE-2018-10124,CVE-2018-10323,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1108,CVE-2018-1118,CVE-2018-1120,CVE-2018-1130,CVE-2018-12233,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492,CVE-2018-8781,CVE-2018-9385
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.7.1, kernel-default-4.12.14-lp150.12.7.1, kernel-docs-4.12.14-lp150.12.7.1, kernel-kvmsmall-4.12.14-lp150.12.7.1, kernel-obs-build-4.12.14-lp150.12.7.1, kernel-obs-qa-4.12.14-lp150.12.7.1, kernel-source-4.12.14-lp150.12.7.1, kernel-syms-4.12.14-lp150.12.7.1, kernel-vanilla-4.12.14-lp150.12.7.1