CVE-2018-13099

NameCVE-2018-13099
DescriptionAn issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1531-1, DSA-4308-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2fixed
buster (security)4.19.289-2fixed
bullseye5.10.178-3fixed
bullseye (security)5.10.191-1fixed
bookworm6.1.38-1fixed
bookworm (security)6.1.52-1fixed
trixie, sid6.5.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcestretch4.9.110-3+deb9u5DSA-4308-1
linuxsource(unstable)4.18.10-1
linux-4.9sourcejessie4.9.110-3+deb9u5~deb8u1DLA-1531-1
linux-4.9source(unstable)(unfixed)

Notes

[jessie] - linux <ignored> (Hard to backport and low priority outside of Android)
https://bugzilla.kernel.org/show_bug.cgi?id=200179
https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a
https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/
Search for package or bug name: Reporting problems