First published: Fri Jul 27 2018
An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | <=4.17.10 | |
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.21-1 6.12.22-1 |
CVE-2018-14613 has a medium severity rating due to the potential for exploitation through crafted btrfs images.
To fix CVE-2018-14613, upgrade your Linux kernel to version 5.10.223-1, 5.10.226-1, 6.1.119-1, 6.1.123-1, 6.12.10-1, or 6.12.11-1.
CVE-2018-14613 affects Linux kernel versions up to and including 4.17.10.
The potential impacts of CVE-2018-14613 include system crashes or potential arbitrary code execution when dealing with unvalidated btrfs images.
CVE-2018-14613 can be exploited remotely if an attacker can convince a user to mount a crafted btrfs image.
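The description above attributes the bug to missing block group item validation in check_leaf_item. As an added illustration (a user-space sketch, not the kernel's tree-checker code), the block below shows the kind of sanity checks that can be applied to an on-disk block group item before its fields are trusted. The function names, error codes and sample values are hypothetical, and the profile mask assumes the 4.17-era flag bits.

```c
/* Added sketch, not kernel code: function and enum names are hypothetical. */
#include <stddef.h>
#include <stdint.h>

#define FIRST_CHUNK_TREE_OBJECTID 256ULL   /* BTRFS_FIRST_CHUNK_TREE_OBJECTID */
#define BG_DATA      (1ULL << 0)
#define BG_SYSTEM    (1ULL << 1)
#define BG_METADATA  (1ULL << 2)
#define BG_TYPE_MASK (BG_DATA | BG_SYSTEM | BG_METADATA)
#define BG_PROFILE_MASK (0x3fULL << 3)     /* RAID0/1/DUP/10/5/6 (assumed: 4.17 era) */
#define BG_ITEM_SIZE 24                    /* le64 used, chunk_objectid, flags */

enum bg_err { BG_OK, BG_BAD_SIZE, BG_ZERO_LEN, BG_BAD_CHUNK, BG_USED_TOO_BIG,
              BG_MULTI_PROFILE, BG_BAD_TYPE };

static uint64_t get_le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* key_offset is the block group length stored in the item's key. */
enum bg_err check_block_group_item(uint64_t key_offset, const uint8_t *item, size_t size)
{
    if (size != BG_ITEM_SIZE) return BG_BAD_SIZE;
    if (key_offset == 0) return BG_ZERO_LEN;
    uint64_t used = get_le64(item), chunk = get_le64(item + 8), flags = get_le64(item + 16);
    if (chunk != FIRST_CHUNK_TREE_OBJECTID) return BG_BAD_CHUNK;
    if (used > key_offset) return BG_USED_TOO_BIG;       /* more used than exists */
    uint64_t profile = flags & BG_PROFILE_MASK, type = flags & BG_TYPE_MASK;
    if (profile & (profile - 1)) return BG_MULTI_PROFILE; /* more than one bit set */
    if (type != BG_DATA && type != BG_METADATA && type != BG_SYSTEM &&
        type != (BG_DATA | BG_METADATA)) return BG_BAD_TYPE;
    return BG_OK;
}

/* Encode constructed field values as a little-endian on-disk item and check it. */
enum bg_err check_sample(uint64_t len, uint64_t used, uint64_t chunk, uint64_t flags)
{
    uint8_t item[BG_ITEM_SIZE];
    uint64_t f[3] = { used, chunk, flags };
    for (int i = 0; i < BG_ITEM_SIZE; i++)
        item[i] = (uint8_t)(f[i / 8] >> (8 * (i % 8)));
    return check_block_group_item(len, item, sizeof item);
}

/* Exit status 0 means the constructed, well-formed sample passed. */
int main(void) { return check_sample(1ULL << 30, 4096, 256, BG_DATA) != BG_OK; }
```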