CVE-2008-4934
kernel: hfsplus: check read_mapping_page() return value
Severity Score
6.2
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image.
La función hfsplus_block_allocate en el archivo fs/hfsplus/bitmap.c en el kernel de Linux anterior a versión 2.6.28-rc1 no verifica cierto valor de retorno de la función read_mapping_page anterior al llamar a kmap, lo que permite a los atacantes causar una denegación de servicio (bloqueo de sistema) por medio de una imagen del sistema de archivos hfsplus.
The Linux 2.6 kernel has had various security vulnerabilities addressed. These range from bypass issues to denial of service and improper validation.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-11-05 CVE Reserved
- 2008-11-05 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=649f1ee6c705aab644035a7998d7b574193a598a | X_refsource_confirm | |
| http://secunia.com/advisories/32510 | Third Party Advisory | |
| http://secunia.com/advisories/32918 | Third Party Advisory | |
| http://secunia.com/advisories/32998 | Third Party Advisory | |
| http://secunia.com/advisories/33180 | Third Party Advisory | |
| http://secunia.com/advisories/33556 | Third Party Advisory | |
| http://secunia.com/advisories/33858 | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2008/11/03/2 | Mailing List |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46327 | Third Party Advisory | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11635 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2009-0014.html | 2023-11-07 | |
| http://www.securityfocus.com/bid/32096 | 2023-11-07 |
| URL | Date | SRC |
|---|---|---|
| http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1 | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2009-0264.html | 2023-11-07 | |
| http://www.debian.org/security/2008/dsa-1681 | 2023-11-07 | |
| http://www.debian.org/security/2008/dsa-1687 | 2023-11-07 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:234 | 2023-11-07 | |
| http://www.ubuntu.com/usn/usn-679-1 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2008-4934 | 2009-02-10 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=469640 | 2009-02-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 2.6.28 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.28" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 7.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 8.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10" | - |
Affected
| ||||||