Darrick J. Wong

6 exploits Active since Jul 2018
CVE-2018-13093 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.17.3 - NULL Pointer Dereference
An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation.
CVSS 5.5
CVE-2018-13095 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.17.3 - Out-of-Bounds Write
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.
CVSS 5.5
CVE-2018-18690 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.17 - Improper Condition Check
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.
CVSS 5.5
CVE-2019-15538 WRITEUP HIGH WRITEUP
openSUSE Leap < 4.9.191 - Denial of Service
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize fails to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might also result in remote DoS if the XFS filesystem is exported, for instance via NFS.
CVSS 7.5
CVE-2020-12655 WRITEUP MEDIUM WRITEUP
Linux Kernel < 5.6.10 - DoS
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767.
CVSS 5.5
EIP-2026-102654 EXPLOITDB c WORKING POC
Linux Kernel 2.6.x - 'AIO_Free_Ring' Local Denial of Service