Описание
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code.
Ссылки
- Mailing ListPatchThird Party Advisory
- Vendor Advisory
- Vendor Advisory
- Mailing ListPatchThird Party Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
7.1 High
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
Связанные уязвимости
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code.
In shiftfs, a non-upstream patch to the Linux kernel included in the U ...
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". As the private_data is not required to be a pointer, an attacker can use this to cause a denial of service or possibly execute arbitrary code.
Уязвимость компонента shiftfs ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.1 High
CVSS3
7.8 High
CVSS3
4.6 Medium
CVSS2