CVE-2018-11412
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
Affected products
n/a · n/a
Public PoCs found — 2
cve_reference · www.exploit-db.com/exploits/44832/ · unverified
exploitdb · www.exploit-db.com/exploits/44832 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://access.redhat.com/errata/RHSA-2019:0525
https://bugs.chromium.org/p/project-zero/issues/detail?id=1580
https://bugzilla.kernel.org/show_bug.cgi?id=199803
https://usn.ubuntu.com/3752-1/
https://usn.ubuntu.com/3752-2/
https://usn.ubuntu.com/3752-3/
https://www.exploit-db.com/exploits/44832/
http://www.securityfocus.com/bid/104291