CVE-2018-14609

An issue was discovered in the btrfs filesystem code in the Linux kernel. An invalid pointer dereference in delrelocroot in fs/btrfs/relocation.c when mounting a crafted btrfs image could lead to a system crash and a denial of service...

CVE-2018-14612

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfsrootnode when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfsreadblockgroups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks i...

CVE-2018-14613

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in ioctlmappage when mounting and operating a crafted btrfs image, because of a lack of block group item validation in checkleafitem in fs/btrfs/tree-checker.c...

Design/Logic Flaw

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in delrelocroot in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rbtrees when reloc control has not been initialized...

Design/Logic Flaw

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in ioctlmappage when mounting and operating a crafted btrfs image, because of a lack of block group item validation in checkleafitem in fs/btrfs/tree-checker.c...

CVE-2018-14609

CVE-2018-14609 affects the Linux kernel (up to 4.17.10) with an invalid pointer dereference in __del_reloc_root() of fs/btrfs/relocation.c when mounting a crafted Btrfs image. The issue is triggered by removing reloc rb_trees when reloc control has not been initialized, leading to potential denia...

CVE-2018-14613

CVE-2018-14613 affects the Linux kernel up to 4.17.10. It involves an invalid pointer dereference in io_ctl_map_page() when mounting/operating a crafted btrfs image, caused by a lack of block group item validation in fs/btrfs/tree-checker.c (check_leaf_item). The issue yields a local, likely kern...

CVE-2018-14612

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfsrootnode when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfsreadblockgroups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks i...

CVE-2018-14613

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in ioctlmappage when mounting and operating a crafted btrfs image, because of a lack of block group item validation in checkleafitem in fs/btrfs/tree-checker.c...

CVE-2018-14609

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in delrelocroot in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rbtrees when reloc control has not been initialized...

CVE-2018-14612

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfsrootnode when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfsreadblockgroups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks i...

CVE-2018-14612

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfsrootnode when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfsreadblockgroups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks i...

Linux kernel invalid pointer dereference vulnerability (CNVD-2018-24480)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the 'delrelocroot' function of the fs/btrfs/relocation.c file in Linux kernel versions 4.17.10 and earlier, where the vulnerable...

Linux kernel invalid pointer dereference vulnerability (CNVD-2018-24481)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the 'btrfsrootnode' function in Linux kernel version 4.17.10 and earlier. An attacker can exploit this vulnerability to cause a deni...

Memory Read Out-of-Bounds Vulnerability in TAS SG2 Software

Taian Technology Wuxi Co., Ltd. manufactures, sells and develops a range of industrial control and low voltage electrical and power distribution products, i.e. electronic and component products. A memory read out-of-bounds vulnerability exists in the SG2 software of Taian Technology. The...

CVE-2017-2668

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service...

CVE-2017-2668

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service...

Updated exempi package fixes security vulnerabilities

An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScriptMetaHandler::ParsePSFile function in PostScriptHandler.cpp CVE-2018-7729. An issue was discovered in Exempi through 2.4.4. WEBPSupport.cpp does not check whether a bitstream has a NULL value,...

oniguruma: Invalid pointer dereference in left_adjust_char_head()

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in leftadjustcharhead during regular expression compilation. Invalid handling of reg-dmax in forwardsearchrange could result in an invalid pointer...

CVE-2018-10322

The xfsdinodeverify function in fs/xfs/libxfs/xfsinodebuf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service xfsilockattrmapshared invalid pointer dereference via a crafted xfs image...