Dear all,

after reporting the following bug to the Ubuntu security team, we were asked to report the bug directly to the kernel developers. I have attached the original bug report as well as a link to a zip archive containing all relevant files (including the oops and KASAN report and the causing HFS image).

https://ruhr-uni-bochum.sciebo.de/s/7J7paq4FvyKeMv1/download

----------------------------------------------------------------------

Dear all,

The following null pointer dereference bug was found by a modified version of the kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the causing HFS filesystem image, the dmesg report and the source code of a simple mounting tool to reproduce this issue.

A local user who has been granted the privileges necessary to mount filesystems (or a system component which auto-mounts filesystems) could trigger a null pointer dereference or a kernel panic (depending on panic_on_oops).

We can verify this issue for Linux 4.15.0-15.16 (Ubuntu 16.04.4 LTS / sources from "pull-lp-source linux"). The desktop version of Ubuntu auto-mounts this file system if provided via USB.

Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr-Universität Bochum)

Best regards,
Sergej Schumilo