An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c. An issue was discovered in the btrfs filesystem code in the Linux kernel. An invalid NULL pointer dereference in btrfs_root_node() when mounting a crafted btrfs image is due to a lack of chunk block group mapping validation in btrfs_read_block_groups() in the fs/btrfs/extent-tree.c function and a lack of empty-tree checks in check_leaf() in fs/btrfs/tree-checker.c function. This could lead to a system crash and a denial of service.
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center