CVE-2018-13094

Public on 2018-07-03

Modified on 2018-08-06

Description

An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. This can lead to a system crash and a denial of service.

Severity

Low

See what this means

CVSS v3 Base Score

5.0

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	kernel	2018-08-04 23:47	ALAS-2018-1048
Amazon Linux 2 - Core	kernel	2018-08-04 23:49	ALAS2-2018-1051

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	5.0	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
NVD	CVSSv2	4.3	AV:N/AC:M/Au:N/C:N/I:N/A:P
NVD	CVSSv3	5.5	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Red Hat: CVE-2018-13094 Mitre: CVE-2018-13094 FAQs regarding Amazon Linux ALAS/CVE Severity