CVE-2018-13099 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-13099 PUBLISHED

An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.

EPSS 1.60% · 81.6th percentile

Risk Scores

EPSS Score

1.60%

81.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	linux-kvm	4.15.0-1010.10, 4.15.0-1011.11, 4.15.0-1012.12
Ubuntu:Pro:14.04:LTS	linux-azure	4.15.0-1036.38~14.04.2, 4.15.0-1032.33~14.04.2, 4.15.0-1031.32~14.04.1
Ubuntu:22.04:LTS	linux-riscv	5.15.0-1012.13, 5.15.0-1011.12, 5.15.0-1008.8
Ubuntu:16.04:LTS	linux-oracle	4.15.0-1011.13~16.04.1, 4.15.0-1013.15~16.04.1, 4.15.0-1010.12~16.04.1
Ubuntu:Pro:FIPS:18.04:LTS	linux-gcp-fips	0, 4.15.0-1001.1
Ubuntu:18.04:LTS	linux-oracle	4.15.0-1015.17, 4.15.0-1017.19, 4.15.0-1018.20
Ubuntu:16.04:LTS	linux-aws-hwe	4.15.0-1035.37~16.04.1, 4.15.0-1045.47~16.04.1, 4.15.0-1044.46~16.04.1
Ubuntu:18.04:LTS	linux-azure	4.15.0-1008.8, 4.15.0-1003.3, 0
Ubuntu:16.04:LTS	linux-azure	4.11.0-1013.13, 4.11.0-1014.14, 4.11.0-1015.15
Ubuntu:18.04:LTS	linux-oem	4.15.0-1034.39, 4.15.0-1045.50, 4.15.0-1043.48
Ubuntu:24.04:LTS	linux-raspi-realtime	0, 6.8.0-2019.20
Ubuntu:20.04:LTS	linux-azure-fde	5.4.0-1100.106+cvm1.1, 5.4.0-1098.104+cvm1.1, 5.4.0-1095.101+cvm1.1
Ubuntu:16.04:LTS	linux-hwe	4.8.0-52.55~16.04.1, 4.8.0-53.56~16.04.1, 4.13.0-39.44~16.04.1
Ubuntu:20.04:LTS	linux-riscv	0, 5.4.0-24.28, 5.4.0-26.30
Ubuntu:16.04:LTS	linux-snapdragon	4.4.0-1012.12, 4.4.0-1078.83, 4.4.0-1077.82
Ubuntu:22.04:LTS	linux-intel-iot-realtime	0, 5.15.0-1073.75
Ubuntu:16.04:LTS	linux-aws	4.4.0-1044.53, 0, 4.4.0-1001.10
Ubuntu:16.04:LTS	linux-kvm	4.4.0-1035.41, 4.4.0-1037.43, 4.4.0-1038.44
Ubuntu:18.04:LTS	linux-gke-4.15	4.15.0-1034.36, 4.15.0-1033.35, 4.15.0-1032.34
Ubuntu:20.04:LTS	linux-gke	5.4.0-1080.86, 5.4.0-1078.84, 5.4.0-1076.82

…and 17 more

Timeline

Jul 3, 2018 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Dec 30, 2022 EPSS Score
Jan 2, 2023 EPSS Score
Mar 5, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2018-13099 third-party-advisory
https://bugzilla.kernel.org/show_bug.cgi?id=200179 third-party-advisory
https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a third-party-advisory
https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/ third-party-advisory
https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git/commit/?h=dev&id=4dbe38dc386910c668c75ae616b99b823b59f3eb third-party-advisory
https://ubuntu.com/security/notices/USN-3932-1 vendor-advisory
https://ubuntu.com/security/notices/USN-3932-2 vendor-advisory
https://ubuntu.com/security/notices/USN-4094-1 vendor-advisory
https://ubuntu.com/security/notices/USN-4118-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2018-13099 third-party-advisory

Open in Interactive Console →