May 24, 2012 - 12:00 a.m.

[PRE-SA-2012-03] Linux kernel: Buffer overflow in HFS plus filesystem


PRE-CERT Security Advisory

  • Advisory: PRE-SA-2012-03
  • Released on: 10 May 2012
  • Affected product: Linux Kernel 3.3.x <= 3.3.4
    2.6.x <=
  • Impact: code execution / privilege escalation
  • Origin: HFS plus file system
  • Credit: Timo Warns (PRESENSE Technologies GmbH)
  • CVE Identifier: CVE-2012-2319


The Linux kernel contains a vulnerability in the driver for HFS plus
file systems that may be exploited for code execution or privilege

A specially-crafted HFS plus filesystem can cause a buffer overflow via
the memcpy() call of hfs_bnode_read() (in fs/hfsplus/bnode.c). The

hfsplus_rename_cat() (in fs/hfsplus/catalog.c) and
hfsplus_readdir() (in fs/hfsplus/dir.c)

call hfs_bnode_read() with values that result in a memcpy() call with
a fixed-length destination buffer and with a source buffer and a length
that are both read from the filesystem without sufficient validation.

The buffer overflows were previously fixed in the HFS filesystem driver
and have been assigned CVE-2009-4020
(commit ec81aecb29668ad71f699f4e7b96ec46691895b6 [1]).
Commit 6f24f892871acc47b40dd594c63606a17c714f77 ("hfsplus: fix
a potential buffer overflow") [2] also fixes the issue in the HFS plus
filesystem driver.
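
The following user-space model shows the pattern described above with the missing caller-side validation added. It is an added example, not code from the kernel or from the referenced commits. NODE_SIZE, struct node, struct cat_entry and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NODE_SIZE 512               /* assumed node size for this model */

struct node { uint8_t data[NODE_SIZE]; };   /* stands in for a b-tree node */
struct cat_entry { uint8_t raw[64]; };      /* fixed-length destination */

/* Like the copy primitive the advisory describes: it trusts the caller's
 * off/len completely and has no idea how large buf is. */
static void node_read(const struct node *n, void *buf, size_t off, size_t len)
{
    memcpy(buf, n->data + off, len);
}

/* Caller-side validation: off and len come from the (untrusted) image, so
 * both are checked against the destination and the node before copying. */
static int read_entry_checked(const struct node *n, uint16_t off,
                              uint16_t len, struct cat_entry *out)
{
    if (len > sizeof(*out))
        return -EIO;                /* would overflow the destination */
    if (off > NODE_SIZE || len > NODE_SIZE - off)
        return -EIO;                /* would read past the source node */
    node_read(n, out, off, len);
    return 0;
}

/* Constructed sample: returns 1 if all three cases behave as expected. */
static int demo(void)
{
    struct node n;
    struct { struct cat_entry e; uint8_t canary[8]; } dst;

    memset(n.data, 0x41, sizeof(n.data));
    memset(&dst, 0, sizeof(dst));

    int ok  = read_entry_checked(&n, 16, 64, &dst.e);      /* fits exactly */
    int big = read_entry_checked(&n, 16, 65, &dst.e);      /* 1 byte too long */
    int oob = read_entry_checked(&n, NODE_SIZE - 8, 32, &dst.e); /* past node */

    return ok == 0 && dst.e.raw[63] == 0x41 && big == -EIO &&
           oob == -EIO && dst.canary[0] == 0;
}

int main(void) { return demo() ? 0 : 1; }
```
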


Compile and use a kernel that does not support the HFS plus file system.
The corresponding configuration key is CONFIG_HFSPLUS_FS.


A patch is available at

The issue has been fixed in Linux 3.3.5.



When further information becomes available, this advisory will be
updated. The most recent version of this advisory is available at:


PRE-CERT can be reached under [email protected]. For PGP key
information, refer to