66 matches found
CVE-2018-10877
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4extdroprefs function when operating on a crafted ext4 filesystem image...
CVE-2018-11412
In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...
CVE-2018-1094
The ext4fillsuper function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service ext4xattrinodehash NULL pointer dereference and system crash via a crafted ext4 image...
Linux Kernel EXT4 Error Handling Denial Of Service Vulnerability
Mounting a crafted EXT4 image as read-only leads to a kernel panic. Since the mounting procedure is a privileged operation, an attacker is probably not able to trigger this vulnerability on the commandline. Instead the automatic mounting feature of the GUI via a crafted USB-device is required...
Linux Kernel EXT4 Error Handling Denial Of Service
OS-S Security Advisory 2016-23 Local DoS: Linux Kernel EXT4 Error Handling EXT4 calling panic Date: October 31th, 2016 Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg CVE: Not yet assigned CVSS: 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C Severity: Critical Ease of Exploitation: Trivial...
kernel: ext4: AIO vs fallocate stale data exposure
Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized...