| Vulnerability Name: | CVE-2018-14609 (CCN-147619) | ||||||||||||||||||||||||||||||||||||
| Assigned: | 2018-07-02 | ||||||||||||||||||||||||||||||||||||
| Published: | 2018-07-02 | ||||||||||||||||||||||||||||||||||||
| Updated: | 2019-08-13 | ||||||||||||||||||||||||||||||||||||
| Summary: | An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized. | ||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C)
| ||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-476 | ||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-14609 Source: CCN Type: IBM Security Bulletin 744291 (VRA - Vyatta 5600) Vyatta 5600 vRouter Software Patches - Release 1801-s, 1801-t and 1801-u Source: CCN Type: IBM Security Bulletin 843434 (API Connect) IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018 Source: BID Type: Third Party Advisory, VDB Entry 104917 Source: CCN Type: BID-104917 Linux Kernel Multiple Denial of Service Vulnerabilities Source: CCN Type: Kernel.org Bugzilla Bug 199833 Invalid pointer dereference in __del_reloc_root() when mounting a crafted btrfs image Source: MISC Type: Exploit, Issue Tracking, Third Party Advisory https://bugzilla.kernel.org/show_bug.cgi?id=199833 Source: XF Type: UNKNOWN linux-kernel-cve201814609-dos(147619) Source: MLIST Type: Mailing List, Third Party Advisory [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update Source: CCN Type: Patchwork Web site btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized Source: MISC Type: Patch, Third Party Advisory https://patchwork.kernel.org/patch/10500521/ Source: UBUNTU Type: Third Party Advisory USN-3821-1 Source: UBUNTU Type: Third Party Advisory USN-3821-2 Source: UBUNTU Type: UNKNOWN USN-4094-1 Source: UBUNTU Type: UNKNOWN USN-4118-1 Source: DEBIAN Type: Third Party Advisory DSA-4308 Source: CCN Type: WhiteSource Vulnerability Database CVE-2018-14609 | ||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||