Linux Kernel ntfs_attr_find Stack-Based Out-of-Bounds Write Denial of Service VulnerabilityAugust 23, 2018 am31 3:18 am

A vulnerability in the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in the ntfs_attr_find() function in the ntfs.ko filesystem driver of the affected software. An attacker could exploit the vulnerability by mounting a crafted NTFS filesystem that submits malicious input to the affected software. A successful exploit could trigger a stack-based out-of-bounds write error and cause the affected software to terminate abnormally, leading to a DoS condition.

The maintainer of the Linux NTFS subsystem has confirmed the vulnerability; however, software updates are not available.

Security Impact Rating: Medium

CVE: CVE-2018-12931

%d bloggers like this: