Integer Overflow and Loop Denial of Service Vulnerability in Linux Kernel's __get_data_block Function

Integer Overflow and Loop Denial of Service Vulnerability in Linux Kernel's __get_data_block Function

CVE-2017-18257 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:N/A:C

The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.