Unchecked Error Condition in xfs_attr_shortform_addname Leads to Non-Operational Filesystem Vulnerability

Unchecked Error Condition in xfs_attr_shortform_addname Leads to Non-Operational Filesystem Vulnerability

CVE-2018-18690 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:N/A:C

In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.