Name of the Vulnerable Software and Affected Versions:

Linux Kernel versions up to 6.12.0

Ubuntu 22.04 with Linux Kernel 6.5.0-18-generic

Linux Kernel versions 2.x up to 6.13

Description:

The issue is related to a heap overflow vulnerability in the HFS+ file system implementation in the Linux Kernel. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service or possibly execute arbitrary code. The vulnerability can be exploited to achieve local privilege escalation. Local users can install arbitrary file systems via Udisks2 due to Polkit rules.

Recommendations:

For Linux Kernel versions up to 6.12.0, update to a version that includes the fix for this vulnerability.

For Ubuntu 22.04 with Linux Kernel 6.5.0-18-generic, update to a newer version that includes the fix for this vulnerability.

For Linux Kernel versions 2.x up to 6.13, update to a version that includes the fix for this vulnerability.

As a temporary workaround, consider restricting access to the HFS+ file system implementation until a patch is available.

Avoid using the HFS+ file system implementation until the issue is resolved.