CVE-2017-18257
MEDIUM
Linux Kernel < 4.11 - Denial of Service via Integer Overflow in __get_data_block
Title source: llm
Description
The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.
References (5)
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3696-1/
Patch x_refsource_misc
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33075ed1909d8002745b56ecf73b833db143
Patch x_refsource_misc
https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db143
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2018/dsa-4188
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3696-2/
Scores
CVSS v3
5.5
EPSS
0.0039
EPSS Percentile
31.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-190
Status
published
Products (2)
debian/debian_linux
9.0
linux/linux_kernel
< 4.11
Published
Apr 04, 2018
Tracked Since
Feb 18, 2026