SB2024050841 - Denial of service in Linux kernel hfsplus
Published: May 8, 2024 Updated: May 14, 2025
Security Bulletin ID: SB2024050841
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Deadlock (CVE-ID: CVE-2021-46989)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a deadlock within the hfsplus_file_truncate() function in fs/hfsplus/extents.c. A local user can crash the system.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/52dde855663e5db824af51db39b5757d2ef3e28a
- https://git.kernel.org/stable/c/c451a6bafb5f422197d31536f82116aed132b72c
- https://git.kernel.org/stable/c/adbd8a2a8cc05d9e501f93e5c95c59307874cc99
- https://git.kernel.org/stable/c/c477f62db1a0c0ecaa60a29713006ceeeb04b685
- https://git.kernel.org/stable/c/97314e45aa1223a42d60256a62c5d9af54baf446
- https://git.kernel.org/stable/c/c3187cf32216313fb316084efac4dab3a8459b1d
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.38
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.120