製品・ソフトウェアに関する情報

JVN脆弱性詳細

Linux Kernel における境界外書き込みに関する脆弱性

Title	Linux Kernel における境界外書き込みに関する脆弱性
Summary	Linux Kernel には、境界外書き込みに関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 13, 2018, midnight
Registration Date	Oct. 17, 2018, 4:33 p.m.
Last Update	Oct. 17, 2018, 4:33 p.m.

CVSS3.0 : 重要
Score	7.8
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2.0 : 警告
Score	6.1
Vector	AV:L/AC:L/Au:N/C:P/I:P/A:C

Affected System

Debian

Debian GNU/Linux

Canonical

Ubuntu

Linux

Linux Kernel

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-10878	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10878
National Vulnerability Database (NVD)
2	CVE-2018-10878	https://nvd.nist.gov/vuln/detail/CVE-2018-10878

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-787	https://cwe.mitre.org/data/definitions/787.html

ベンダー情報

No	Name	URL
Debian
1	[SECURITY] [DLA 1423-1] linux-4.9 new package	https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
Kernel.org Bugzilla
2	Bug 199865	https://bugzilla.kernel.org/show_bug.cgi?id=199865
Linux Kernel
3	Linux Kernel Archives	http://www.kernel.org
Linux kernel source tree
4	ext4: always check block group bounds in ext4_init_block_bitmap()	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=819b23f1c501b17b9694325471789e6b5cc2d0d2
5	ext4: make sure bitmaps and the inode table don't overlap with bg descriptors	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77260807d1170a8cf35dbb06e07461a655f67eee
Patchwork Linux network development
6	[1/3] ext4: always check block group bounds in ext4_init_block_bitmap()	http://patchwork.ozlabs.org/patch/929237/
7	[2/3] ext4: make sure bitmaps and the inode table don't overlap with bg descriptors	http://patchwork.ozlabs.org/patch/929238/
Ubuntu Security Notice
8	USN-3753-1	https://usn.ubuntu.com/3753-1/
9	USN-3753-2	https://usn.ubuntu.com/3753-2/

その他

No	Name	URL
関連文書
1	Bug 1596802	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10878

Change Log

No	Changed Details	Date of change
1	[2018年10月17日] 掲載	Oct. 17, 2018, 4:33 p.m.

NVD Vulnerability Information

CVE-2018-10878

Summary	A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.
Publication Date	July 27, 2018, 3:29 a.m.
Registration Date	March 1, 2021, 6:44 p.m.
Last Update	Nov. 21, 2024, 12:42 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::	3.17			3.18.124
cpe:2.3:o:linux:linux_kernel::::::::	4.15			4.17.6
cpe:2.3:o:linux:linux_kernel::::::::	4.10			4.14.55
cpe:2.3:o:linux:linux_kernel::::::::	4.5			4.9.112
cpe:2.3:o:linux:linux_kernel::::::::	3.19			4.4.140
cpe:2.3:o:linux:linux_kernel::::::::				3.16.58

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://patchwork.ozlabs.org/patch/929237/	Patch Third Party Advisory
2	http://patchwork.ozlabs.org/patch/929237/	Patch Third Party Advisory
3	http://patchwork.ozlabs.org/patch/929238/	Patch Third Party Advisory
4	http://patchwork.ozlabs.org/patch/929238/	Patch Third Party Advisory
5	https://access.redhat.com/errata/RHSA-2018:2948	Third Party Advisory
6	https://access.redhat.com/errata/RHSA-2018:2948	Third Party Advisory
7	https://access.redhat.com/errata/RHSA-2018:3083	Third Party Advisory
8	https://access.redhat.com/errata/RHSA-2018:3083	Third Party Advisory
9	https://access.redhat.com/errata/RHSA-2018:3096	Third Party Advisory
10	https://access.redhat.com/errata/RHSA-2018:3096	Third Party Advisory
11	https://bugzilla.kernel.org/show_bug.cgi?id=199865	Exploit Issue Tracking Patch Vendor Advisory
12	https://bugzilla.kernel.org/show_bug.cgi?id=199865	Exploit Issue Tracking Patch Vendor Advisory
13	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10878	Issue Tracking Patch
14	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10878	Issue Tracking Patch
15	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77260807d1170a8cf35dbb06e07461a655f67eee	Patch Vendor Advisory
16	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77260807d1170a8cf35dbb06e07461a655f67eee	Patch Vendor Advisory
17	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=819b23f1c501b17b9694325471789e6b5cc2d0d2	Patch Vendor Advisory
18	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=819b23f1c501b17b9694325471789e6b5cc2d0d2	Patch Vendor Advisory
19	https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html	Mailing List Third Party Advisory
20	https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html	Mailing List Third Party Advisory
21	https://usn.ubuntu.com/3753-1/	Third Party Advisory
22	https://usn.ubuntu.com/3753-1/	Third Party Advisory
23	https://usn.ubuntu.com/3753-2/	Third Party Advisory
24	https://usn.ubuntu.com/3753-2/	Third Party Advisory
25	https://usn.ubuntu.com/3871-1/	Third Party Advisory
26	https://usn.ubuntu.com/3871-1/	Third Party Advisory
27	https://usn.ubuntu.com/3871-3/	Third Party Advisory
28	https://usn.ubuntu.com/3871-3/	Third Party Advisory
29	https://usn.ubuntu.com/3871-4/	Third Party Advisory
30	https://usn.ubuntu.com/3871-4/	Third Party Advisory
31	https://usn.ubuntu.com/3871-5/	Third Party Advisory
32	https://usn.ubuntu.com/3871-5/	Third Party Advisory

Common Vulnerabilities List