Vulnerability Description
The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 4.11 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33Patch
- https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db14Patch
- https://usn.ubuntu.com/3696-1/
- https://usn.ubuntu.com/3696-2/
- https://www.debian.org/security/2018/dsa-4188Third Party Advisory
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33Patch
- https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db14Patch
- https://usn.ubuntu.com/3696-1/
- https://usn.ubuntu.com/3696-2/
- https://www.debian.org/security/2018/dsa-4188Third Party Advisory
FAQ
What is CVE-2017-18257?
CVE-2017-18257 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate sy...
How severe is CVE-2017-18257?
CVE-2017-18257 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-18257?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.