The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: NULL pointer dereference via xfs_dinode_verify

Synthesis of the vulnerability 

An attacker can force a NULL pointer to be dereferenced via xfs_dinode_verify() of the Linux kernel, in order to trigger a denial of service.
Impacted systems: Fedora, Linux, RHEL, Ubuntu.
Severity of this alert: 1/4.
Creation date: 25/04/2018.
References of this alert: 199377, CVE-2018-10322, FEDORA-2018-ac3b4c7605, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, USN-4578-1, USN-4579-1, VIGILANCE-VUL-25979.

Description of the vulnerability 

An attacker can force a NULL pointer to be dereferenced via xfs_dinode_verify() of the Linux kernel, in order to trigger a denial of service.

This vulnerability announcement impacts software or systems such as Fedora, Linux, RHEL, Ubuntu.

Our Vigil@nce team determined that the severity of this cybersecurity threat is low.

The trust level is "confirmed by the editor", with an origin of "document".

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level ability can exploit this vulnerability.

Solutions for this threat 

Linux kernel: patch for xfs_dinode_verify.
A patch is indicated in information sources.

Fedora 28: new kernel packages.
New packages are available:
  Fedora 28: kernel 4.16.8-300.fc28

RHEL 7: new kernel-alt packages (30/10/2018).
New packages are available:
  RHEL 7: kernel-alt 4.14.0-115.el7a

RHEL 7: new kernel packages.
New packages are available:
  RHEL 7: kernel 3.10.0-957.el7

RHEL 7: new kernel-rt packages.
New packages are available:
  RHEL 7: kernel-rt 3.10.0-957.rt56.910.el7

Ubuntu: new linux-image-4.15.0 packages.
New packages are available:
  Ubuntu 14.04 ESM: linux-image-azure 4.15.0.1098.74
  Ubuntu 16.04 LTS: linux-image-generic-hwe-16.04 4.15.0.120.121
  Ubuntu 18.04 LTS: linux-image-generic 4.15.0.121.108

Ubuntu: new linux-image-4.4.0 packages.
New packages are available:
  Ubuntu 14.04 ESM: linux-image-generic-lts-xenial 4.4.0.193.169
  Ubuntu 16.04 LTS: linux-image-generic 4.4.0.193.199