Dave Chinner

4 exploits Active since Mar 2013
CVE-2013-1819 WRITEUP WRITEUP
Linux Kernel < 3.7.6 - Denial of Service via Invalid XFS Extent Map
The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map.
CVE-2017-14340 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.13.2 - Denial of Service via XFS Real-Time Inode Flag Handling
The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory.
CVSS 5.5
CVE-2018-13093 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.17.3 - Denial of Service via XFS Pathwalk on Corrupted Image
An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation.
CVSS 5.5
CVE-2018-13095 WRITEUP MEDIUM WRITEUP
Linux Kernel < 4.17.3 - Denial of Service via Corrupted XFS Image Inode Handling
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.
CVSS 5.5