Linux Kernel CVE-2018-10840 Local Heap Based Buffer Overflow Vulnerability

Linux Kernel is prone to a local heap-based buffer-overflow vulnerability.

Attackers may be able to exploit this issue to execute arbitrary code with elevated privileges. Failed attack attempts will likely result in denial-of-service conditions.
Kernel versions 4.15, 4.16, and 4.17 are vulnerable; other versions may also be affected.

Information

Bugtraq ID: 104858
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2018-10840

Remote: No
Local: Yes
Published: Apr 11 2018 12:00AM
Updated: Dec 07 2018 06:00AM
Credit: Wen Xu from SSLab, Gatech.
Vulnerable: Redhat Enterprise Mrg 2
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Redhat Enterprise Linux 5
Linux kernel 4.16.11
Linux kernel 4.16.9
Linux kernel 4.16.6
Linux kernel 4.16.3
Linux kernel 4.15.14
Linux kernel 4.15.11
Linux kernel 4.15.9
Linux kernel 4.15.4
Linux kernel 4.17-rc2
Linux kernel 4.17
Linux kernel 4.16-rc7
Linux kernel 4.16-rc6
Linux kernel 4.16-rc
Linux kernel 4.16
Linux kernel 4.15.8
Linux kernel 4.15.7
Linux kernel 4.15.16
Linux kernel 4.15-rc5
Linux kernel 4.15
Google Android 0

Not Vulnerable:

Exploit

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

References:

• Linux kernel Homepage (kernel.org)
  
• Android Security Bulletinâ??December 2018 (Google)
  
• Bug 1582346 CVE-2018-10840 kernel: Heap-based buffer overflow (Redhat)
  
• Bug 199347 - buffer overflow in ext4_xattr_set_entry() (Kernel)
  
• CVE-2018-10840 (Redhat)
  
• ext4: correctly handle a zero-length xattr with a non-zero e_value_offs (Kernel)
  
• Kernel.org Bugzilla â?? Attachment #276147: ext4: correctly handle a zero-length (kernel)
  

Source: www.securityfocus.com