NULL pointer dereference and panic in hfsplus_lookup() when opening a file in a malformed hfs+ filesystem

NULL pointer dereference and panic in hfsplus_lookup() when opening a file in a malformed hfs+ filesystem

CVE-2018-14617 · HIGH Severity

AV:N/AC:M/AU:N/C:N/I:N/A:C

An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.