Linux Kernel up to 4.16.3 fs/xfs/libxfs/xfs_bmap.c xfs_bmap_extents_to_btree null pointer dereference

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.3 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Linux Kernel up to 4.16.3. It has been classified as problematic. Affected by this vulnerability is the function xfs_bmap_extents_to_btree in the file fs/xfs/libxfs/xfs_bmap.c. The manipulation causes a null pointer dereference.
This vulnerability appears as CVE-2018-10323. The attack requires local access. There is no available exploit.
Upgrading the affected component is recommended.
Details
A vulnerability classified as problematic was found in Linux Kernel up to 4.16.3 (Operating System). Affected by this vulnerability is the function xfs_bmap_extents_to_btree in the file fs/xfs/libxfs/xfs_bmap.c. The manipulation with an unknown input leads to a null pointer dereference vulnerability. The CWE definition for the vulnerability is CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. The known impact is on availability. The summary by CVE is:
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.
The bug was discovered on 04/17/2018. The weakness was presented on 04/24/2018 (Website). The advisory is shared at securityfocus.com. This vulnerability has been known as CVE-2018-10323 since 04/24/2018. The exploitation appears to be easy. The attack has to be carried out locally. The exploitation doesn't need any form of authentication. Technical details are known, but no exploit is available.
The vulnerability was handled as a non-public zero-day exploit for at least 7 days. During that time the estimated underground price was around $0-$5k. The vulnerability scanner Nessus provides a plugin with the ID 110583 (Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4134)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Oracle Linux Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 277309 (Fedora Security Update for kernel (FEDORA-2018-ac3b4c7605)).
Upgrading eliminates this vulnerability. A possible mitigation was published 2 months after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (110583), SecurityFocus (BID 103959) and CERT Bund (WID-SEC-2022-0532). See VDB-90523 and VDB-117072 for similar entries.
Affected
- Oracle Linux
- Debian Linux
- Open Source Linux Kernel
- Red Hat Enterprise Linux
- Ubuntu Linux
- SUSE Linux
- Oracle VM
- NetApp FAS
- Avaya Aura Communication Manager
- Avaya Aura Session Manager
- Avaya Aura Application Enablement Services
- Avaya Aura System Manager
- Avaya Aura Experience Portal
- NetApp AFF
Product
Website
- Vendor: https://www.kernel.org/
CVSSv3
VulDB Meta Base Score: 4.4
VulDB Meta Temp Score: 4.3
VulDB Base Score: 3.3
VulDB Temp Score: 3.2
NVD Base Score: 5.5
Exploiting
Class: Null pointer dereference
CWE: CWE-476 / CWE-404
Physical: Partially
Local: Yes
Remote: No
Status: Not defined
Nessus ID: 110583
Nessus Name: Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4134)
OpenVAS ID: 54612
OpenVAS Name: Debian Security Advisory DSA 4188-1 (linux - security update)
Countermeasures
Recommended: Upgrade
Timeline
04/17/2018
04/24/2018
04/24/2018
04/24/2018
04/24/2018
04/25/2018
06/15/2018
06/18/2018
09/14/2025
Sources
Vendor: kernel.org
Advisory: USN-3752-1
Status: Confirmed
CVE: CVE-2018-10323
GCVE (CVE): GCVE-0-2018-10323
GCVE (VulDB): GCVE-100-117073
SecurityFocus: 103959 - Linux Kernel 'fs/xfs/libxfs/xfs_bmap.c' Local Denial of Service Vulnerability
CERT Bund: WID-SEC-2022-0532 - Linux Kernel: Mehrere Schwachstellen
Entry
Created: 04/25/2018 08:48
Updated: 09/14/2025 03:47
Changes: 04/25/2018 08:48 (78), 01/31/2020 11:59 (5), 03/07/2023 14:38 (4), 09/14/2025 03:47 (21)