Theodore Ts'o

4 exploits, active since Apr 2013
CVE-2013-2015
Linux Kernel < 3.7.2 - Resource Management Error
The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test.
CVE-2019-11833 MEDIUM
Linux Kernel < 5.1.2 - Info Disclosure
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
CVSS 5.5
CVE-2019-19767 MEDIUM
Linux Kernel < 5.4.2 - Use After Free
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.
CVSS 5.5
CVE-2022-28796 HIGH
Linux Kernel < 5.17.1 - Use After Free
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.
CVSS 7.0