Vulnerability DatabaseCVE-2018-1094
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2018-1094
Published:April 02, 2018
Updated:May 17, 2026
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.
Related Resources (12)
https://bugzilla.redhat.com/show_bug.cgi?id=1560788
https://access.redhat.com/errata/RHSA-2018:2948
https://usn.ubuntu.com/3695-2/
https://access.redhat.com/security/cve/CVE-2018-1094
https://bugzilla.kernel.org/show_bug.cgi?id=199183
https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1094
https://access.redhat.com/errata/RHSA-2018:3096
https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957
http://openwall.com/lists/oss-security/2018/03/29/1
https://access.redhat.com/errata/RHSA-2018:3083
https://usn.ubuntu.com/3695-1/
https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.8
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
NULL Pointer Dereference
CWE-476
EPSS
Base Score:
0.29