Out-of-bounds Read Affecting kernel-uek-debug package, versions <0:2.6.39-400.299.1.el5uek
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-ORACLE5-KERNELUEKDEBUG-2530865
- published 10 Apr 2022
- disclosed 2 Apr 2018
Introduced: 2 Apr 2018
CVE-2018-1093 Open this link in a new tabHow to fix?
Upgrade Oracle:5
kernel-uek-debug
to version 0:2.6.39-400.299.1.el5uek or higher.
This issue was patched in ELSA-2018-4110
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-uek-debug
package and not the kernel-uek-debug
package as distributed by Oracle
.
See How to fix?
for Oracle:5
relevant fixed versions and status.
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.
References
- https://linux.oracle.com/cve/CVE-2018-1093.html
- https://linux.oracle.com/errata/ELSA-2018-4084.html
- https://linux.oracle.com/errata/ELSA-2018-4109.html
- https://linux.oracle.com/errata/ELSA-2018-4110.html
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f
- https://bugzilla.redhat.com/show_bug.cgi?id=1560782
- https://bugzilla.kernel.org/show_bug.cgi?id=199181
- http://openwall.com/lists/oss-security/2018/03/29/1
- https://www.debian.org/security/2018/dsa-4188
- https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
- https://usn.ubuntu.com/3676-2/
- https://usn.ubuntu.com/3676-1/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://usn.ubuntu.com/3754-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-3/