An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.
References
Link | Resource |
---|---|
https://www.spinics.net/lists/linux-fsdevel/msg130021.html | Issue Tracking Patch Third Party Advisory |
https://bugzilla.kernel.org/show_bug.cgi?id=200297 | Exploit Issue Tracking Third Party Advisory |
http://www.securityfocus.com/bid/104917 | Third Party Advisory VDB Entry |
https://www.debian.org/security/2018/dsa-4308 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html | Mailing List Third Party Advisory |
https://usn.ubuntu.com/3821-2/ | Third Party Advisory |
https://usn.ubuntu.com/3821-1/ | Third Party Advisory |
https://usn.ubuntu.com/4094-1/ | |
https://usn.ubuntu.com/4118-1/ |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2018-07-26 21:29
Updated : 2019-08-13 12:15
NVD link : CVE-2018-14617
Mitre link : CVE-2018-14617
JSON object : View
CWE
CWE-476
NULL Pointer Dereference
Products Affected
debian
- debian_linux
canonical
- ubuntu_linux
linux
- linux_kernel