Race condition vulnerability in fs/ocfs2/aops.c in Linux kernel before 4.15 allows local users to cause denial of service

Race condition vulnerability in fs/ocfs2/aops.c in Linux kernel before 4.15 allows local users to cause denial of service

CVE-2017-18224 · LOW Severity

AV:L/AC:M/AU:N/C:N/I:N/A:P

In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.