Jaegeuk Kim - Security Researcher - Exploit Intelligence Platform

CVE-2017-10662 WRITEUP HIGH WRITEUP

Linux kernel <4.11.1 - Privilege Escalation

The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors.

CVSS 7.8

View Code

CVE-2017-10663 WRITEUP HIGH WRITEUP

Linux Kernel < 3.18.64 - Improper Array Index Validation

The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.

CVSS 7.8

View Code

CVE-2019-19815 WRITEUP MEDIUM WRITEUP

Linux Kernel - NULL Pointer Dereference

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2fs.h.

CVSS 5.5

View Code