Po-Ning Tseng

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.17.11 Description: The issue is related to an invalid pointer dereference in the `btrfs root node()` function when mounting a crafted btrfs image. This is due to a lack of chunk block group mapping validation in `btrfs read block groups` in `fs/btrfs/extent-tree.c` and a lack of empty-tree checks in `check leaf` in `fs/btrfs/tree-checker.c`. The vulnerability can be exploited to cause a denial of service. Recommendations: For Linux kernel versions prior to 4.17.11, update to version 4.17.11 or later to resolve the issue. As a temporary workaround, consider restricting the mounting of crafted btrfs images to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.17.10 Description: The issue is related to a use-after-free error in the `try merge free space()` function of the Linux kernel, specifically when mounting a crafted btrfs image. This occurs due to a lack of chunk type flag checks in `btrfs check chunk valid` in `fs/btrfs/volumes.c`. Exploitation of this issue may allow an attacker to cause a denial of service. Recommendations: For Linux kernel versions prior to 4.17.10, update to version 4.17.10 or later to resolve the issue. As a temporary workaround, consider restricting the mounting of btrfs images from untrusted sources to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.17.11 Description: The issue is related to out-of-bounds access in the `write extent buffer()` function when mounting and operating a crafted btrfs image. This occurs due to a lack of verification that each block group has a corresponding chunk at mount time, within `btrfs read block groups` in `fs/btrfs/extent-tree.c`. The vulnerability can be exploited to cause a denial of service. Recommendations: For Linux kernel versions prior to 4.17.11, update to version 4.17.11 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted btrfs images to minimize the risk of exploitation.