PT-2018-12684 · Btrfsmaintenance · Btrfsmaintenance

Karol Babioch

Published

2018-08-15

Updated

2024-06-15

CVE-2018-14722

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions btrfsmaintenance versions through 0.4.1

Description An issue in the evaluate auto mountpoint function in btrfsmaintenance-functions allows code execution as root via a specially crafted filesystem label. This can occur when btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance, which is not the default configuration.

Recommendations For versions through 0.4.1, consider disabling the auto setting for btrfs-{scrub,balance,trim} in /etc/sysconfig/btrfsmaintenance to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-14722

OPENSUSE-SU-2024:10662-1

Affected Products

Btrfsmaintenance

PT-2018-12684 · Btrfsmaintenance · Btrfsmaintenance

CVE-2018-14722

Related Identifiers

Affected Products

References · 14