A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ntfs-3g | Tuxera | * | 2021.8.22 (excluding) |
| Advanced Virtualization for RHEL 8.2.1 | RedHat | virt:8.2-8020120210917153657.863bb0db | * |
| Advanced Virtualization for RHEL 8.2.1 | RedHat | virt-devel:8.2-8020120210917153657.863bb0db | * |
| Advanced Virtualization for RHEL 8.4.0.Z | RedHat | virt:av-8040020210922084349.522a0ee4 | * |
| Advanced Virtualization for RHEL 8.4.0.Z | RedHat | virt-devel:av-8040020210922084349.522a0ee4 | * |
| Red Hat Enterprise Linux 8 | RedHat | virt-devel:rhel-8060020220408104655.d63f516d | * |
| Red Hat Enterprise Linux 8 | RedHat | virt:rhel-8060020220408104655.d63f516d | * |
| Ntfs-3g | Ubuntu | bionic | * |
| Ntfs-3g | Ubuntu | devel | * |
| Ntfs-3g | Ubuntu | esm-infra-legacy/trusty | * |
| Ntfs-3g | Ubuntu | esm-infra/bionic | * |
| Ntfs-3g | Ubuntu | esm-infra/focal | * |
| Ntfs-3g | Ubuntu | esm-infra/xenial | * |
| Ntfs-3g | Ubuntu | focal | * |
| Ntfs-3g | Ubuntu | hirsute | * |
| Ntfs-3g | Ubuntu | impish | * |
| Ntfs-3g | Ubuntu | jammy | * |
| Ntfs-3g | Ubuntu | trusty | * |
| Ntfs-3g | Ubuntu | trusty/esm | * |
| Ntfs-3g | Ubuntu | xenial | * |
Potential Mitigations
References
- http://www.openwall.com/lists/oss-security/2021/08/30/1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386
- https://bugzilla.redhat.com/show_bug.cgi?id=2001649
- https://github.com/tuxera/ntfs-3g/releases
- https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
- https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/
- https://security.gentoo.org/glsa/202301-01
- https://www.debian.org/security/2021/dsa-4971
- http://www.openwall.com/lists/oss-security/2021/08/30/1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386
- https://bugzilla.redhat.com/show_bug.cgi?id=2001649
- https://github.com/tuxera/ntfs-3g/releases
- https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
- https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/
- https://security.gentoo.org/glsa/202301-01
- https://www.debian.org/security/2021/dsa-4971