CVE-2018-12233 (retired)

Priority
Description
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through
4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr
twice with two different extended attribute names on the same file. This
vulnerability can be triggered by an unprivileged user with the ability to
create files and execute programs. A kmalloc call is incorrect, leading to
slab-out-of-bounds in jfs_xattr.
Ubuntu-Description
Shankara Pailoor discovered that the JFS filesystem implementation in the
Linux kernel contained a buffer overflow when handling extended attributes.
A local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code.
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (was needed ESM criteria)
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-134.160)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-33.36)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-10.11)
Patches:
Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2Fixed by 92d34134193e5b129dc24f8d79cb9196626e8d7a
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1066.76)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1020.20)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1002.3)
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1022.22~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1022.23)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1003.3)
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1022.23)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-1003.3~18.04.1)
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needed ESM criteria)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-1018.19~16.04.2)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1018.19)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1002.3)
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needs-triage now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-33.36~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.15.0-33.36~16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (4.18.0-11.12~18.04.1)
Ubuntu 19.04 (Disco Dingo):DNE
Package
linux-krillin:ignored (was needs-triage now end-of-life)
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1032.38)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1020.20)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1003.3)
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):ignored (was needed ESM criteria)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (abandoned)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):ignored (was needed now end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1017.20)
Ubuntu 19.04 (Disco Dingo):not-affected (4.15.0-1021.24)
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1095.103)
Ubuntu 18.04 LTS (Bionic Beaver):released (4.15.0-1021.23)
Ubuntu 19.04 (Disco Dingo):not-affected (4.18.0-1005.7)
Package
Upstream:released (4.18~rc2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (4.4.0-1099.104)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 19.04 (Disco Dingo):DNE
Package
linux-vegetahd:ignored (was needs-triage now end-of-life)
More Information

Updated: 2019-08-23 09:28:36 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)