CVE-2018-14617

Sažetak

An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.

Reference

http://www.securityfocus.com/bid/104917
https://bugzilla.kernel.org/show_bug.cgi?id=200297
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
https://usn.ubuntu.com/3821-1/
https://usn.ubuntu.com/3821-2/
https://usn.ubuntu.com/4094-1/
https://usn.ubuntu.com/4118-1/
https://www.debian.org/security/2018/dsa-4308
https://www.spinics.net/lists/linux-fsdevel/msg130021.html

CVSS

Base:	7.1
Impact:	6.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

13-08-2019 - 19:15

Objavljeno

27-07-2018 - 04:29