diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2018-04-29 21:15:30 +0200 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2018-04-29 21:15:30 +0200 |
| commit | 0b8c3a09694fabc0adfc33307564e878ac6fd9de (patch) | |
| tree | 159198ef0278aeac077aa2a8c44c16253fde461d /retired/CVE-2018-1094 | |
| parent | 9a53384fc23b5891eb510d1c3916bc10a9e78cf1 (diff) | |
Retire CVE-2018-1094
Diffstat (limited to 'retired/CVE-2018-1094')
| -rw-r--r-- | retired/CVE-2018-1094 | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/retired/CVE-2018-1094 b/retired/CVE-2018-1094 new file mode 100644 index 00000000..b3098690 --- /dev/null +++ b/retired/CVE-2018-1094 @@ -0,0 +1,22 @@ +Description: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image +References: +Notes: + bwh> This is related to metadata checksums, which were added to ext4 in + bwh> Linux 3.5. + carnil> Additionally 18db4b4e6fc31eda838dd1c1296d67dbcb3dc957 ("ext4: + carnil> don't allow r/w mounts if metadata blocks overlap the + carnil> superblock") might need to be applied: + carnil> https://bugzilla.kernel.org/show_bug.cgi?id=199183#c4 + carnil> but not strictly needed for the security fix. + carnil> According to Ben's triage a similar issue is affecting 4.9 but + carnil> but the issue reported for CVE-2018-1094 does not apply to 4.9. +Bugs: + https://bugzilla.kernel.org/show_bug.cgi?id=199183 +upstream: released (4.17-rc1) [a45403b51582a87872927a3e0fc0a389c26867f1] +4.9-upstream-stable: N/A "Vulnerable code not present" +3.16-upstream-stable: N/A "Vulnerable code not present" +3.2-upstream-stable: N/A "Vulnerable code not present" +sid: released (4.15.17-1) [bugfix/all/ext4-always-initialize-the-crc32c-checksum-driver.patch] +4.9-stretch-security: N/A "Vulnerable code not present" +3.16-jessie-security: N/A "Vulnerable code not present" +3.2-wheezy-security: N/A "Vulnerable code not present" |