CVE-2018-14609 — NULL Pointer Dereference in Linux
Severity
5.5 MEDIUM (NVD)
OSV: 3.3
EPSS
0.3%
top 46.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 27
Latest update: May 14
Description
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 4 packages
Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04
Patches
Vulnerability Details (6)
OSV: linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities (2019-08-13)
Vendor Advisories (6)
Red Hat: kernel: Invalid pointer dereference in fs/btrfs/relocation.c:__del_reloc_root() when mounting crafted btrfs image (2018-05-26)
Community (2)
Bugzilla: CVE-2018-14609 kernel: Invalid pointer dereference in fs/btrfs/relocation.c:__del_reloc_root() when mounting crafted btrfs image [fedora-all] (2018-07-31)
Bugzilla: CVE-2018-14609 kernel: Invalid pointer dereference in fs/btrfs/relocation.c:__del_reloc_root() when mounting crafted btrfs image (2018-07-31)