CVE-2018-10876 in Ubuntu

CVE-2018-10876

Priority

Description

A flaw was found in Linux kernel in the ext4 filesystem code. A
use-after-free is possible in ext4_ext_remove_space() function when
mounting and operating a crafted ext4 image.

Ubuntu-Description

Wen Xu discovered that a use-after-free vulnerability existed in the ext4
filesystem implementation in the Linux kernel. An attacker could use this
to construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10876
https://bugzilla.kernel.org/show_bug.cgi?id=199403
http://patchwork.ozlabs.org/patch/929239/
https://usn.ubuntu.com/usn/usn-3753-1
https://usn.ubuntu.com/usn/usn-3753-2
https://usn.ubuntu.com/usn/usn-3871-1
https://usn.ubuntu.com/usn/usn-3871-3
https://usn.ubuntu.com/usn/usn-3871-4
https://usn.ubuntu.com/usn/usn-3871-5

Notes

sbeattie

fs/ext4/balloc.c
first issue in bugzilla report may require additional fix
possible reproducer in bug report

Package

Source: linux (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (was needed ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr):	ignored (was needed ESM criteria)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-134.160)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-44.47)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.18.0-10.11)
Ubuntu 19.10 (Eoan Ermine):	not-affected (5.0.0-13.14)

Patches:

Introduced by

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Fixed by

8844618d8aa7a9973e7b527d038a2a589665002c

Package

Source: linux-aws (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	released (4.4.0-1028.31)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1066.76)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1032.34)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.18.0-1002.3)
Ubuntu 19.10 (Eoan Ermine):	not-affected (5.0.0-1004.4)

Package

Source: linux-aws-hwe (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1032.34~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-azure (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	released (4.15.0-1037.39~14.04.2)
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1037.39~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1037.39)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.18.0-1003.3)
Ubuntu 19.10 (Eoan Ermine):	not-affected (5.0.0-1004.4)

Package

Source: linux-azure-edge (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1037.39~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1037.39)
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-euclid (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needed ESM criteria)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-flo (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-gcp (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1027.28~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1027.28)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.18.0-1002.3)
Ubuntu 19.10 (Eoan Ermine):	not-affected (5.0.0-1004.4)

Package

Source: linux-gcp-edge (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.18.0-1004.5~18.04.1)
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-gke (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-goldfish (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-grouper (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-hwe (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-45.48~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (4.18.0-13.14~18.04.1)
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-hwe-edge (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-45.48~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (5.0.0-15.16~18.04.1)
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-kvm (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1032.38)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1029.29)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.18.0-1003.3)
Ubuntu 19.10 (Eoan Ermine):	not-affected (5.0.0-1004.4)

Package

Source: linux-lts-trusty (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	ignored (was needed ESM criteria)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-lts-utopic (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-lts-vivid (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-lts-wily (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-lts-xenial (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	released (4.4.0-134.160~14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-maguro (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-mako (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-manta (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [abandoned])
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE
Ubuntu 19.04 (Disco Dingo):	DNE
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: linux-oem (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (was needed now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1033.38)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.15.0-1033.38)
Ubuntu 19.10 (Eoan Ermine):	not-affected (4.15.0-1035.40)

Package

Source: linux-oracle (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.15.0-1008.10~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1008.10)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.15.0-1008.10)
Ubuntu 19.10 (Eoan Ermine):	not-affected (4.15.0-1011.13)

Package

Source: linux-raspi2 (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1095.103)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1031.33)
Ubuntu 19.04 (Disco Dingo):	not-affected (4.18.0-1005.7)
Ubuntu 19.10 (Eoan Ermine):	not-affected (5.0.0-1006.6)

Package

Source: linux-snapdragon (LP Ubuntu Debian)

Upstream:	released (4.18~rc4)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (4.4.0-1099.104)
Ubuntu 18.04 LTS (Bionic Beaver):	released (4.15.0-1053.57)
Ubuntu 19.04 (Disco Dingo):	not-affected (5.0.0-1010.10)
Ubuntu 19.10 (Eoan Ermine):	not-affected (5.0.0-1010.10)

More Information

Updated: 2019-12-05 21:08:53 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)