CVE-2017-18241 — NULL Pointer Dereference in Kernel

CWE-476 — NULL Pointer Dereference10 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 74.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Canonical Ubuntu Linux +1 more

Timeline

PublishedMar 21

Latest updateMay 14

Description

fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel< 4.13

▶Debianlinux/linux_kernel< 4.13.4-1+3

▶Ubuntulinux/linux_kernel< 4.4.0-143.169

▶debiandebian/linux< linux 4.13.4-1 (bookworm)

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04

Patches

Patch: git.kernel.org ↗Patch: github.com ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-fmfp-q8w9-qgxv: fs/f2fs/segment↗2022-05-14

▶

OSV

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities↗2019-03-15

▶

OSV

linux-lts-xenial, linux-aws vulnerabilities↗2019-03-15

▶

OSV

CVE-2017-18241: fs/f2fs/segment↗2018-03-21

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Xenial HWE) vulnerabilities↗2019-03-15

▶

Ubuntu

Linux kernel vulnerabilities↗2019-03-15

▶

Red Hat

kernel: Null pointer dereference in fs/f2fs/segment.c via mounting fs with noflush_merge option allows local denial of service↗2017-06-01

▶

Debian

CVE-2017-18241: linux - fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a ...↗2017

▶

💬Community

Bugzilla

CVE-2017-18241 kernel: Null pointer dereference in fs/f2fs/segment.c via mounting fs with noflush_merge option allows local denial of service↗2018-03-22

▶