This is a vulnerability in the HFS+ driver of the Linux kernel. Interestingly, the vulnerability has been present in the kernel tree since the initial git repository build 1da177 in 2005, that is, since Linux-2.6.12-rc2.
HFS+ had been the primary Mac OS X file system until it was replaced with the Apple File System (APFS), released with macOS High Sierra in 2017. It is based on B-tree data structures and is well documented. The vulnerability itself is a buffer overflow in B-tree node processing. Under certain circumstances, the function hfs_bnode_read_key found in fs/hfsplus/bnode.c is used to populate an in-kernel buffer from the filesystem, and the function itself does not check for boundary conditions regarding the size of the key.
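The missing boundary check described above, shown as an added user-space model next to a checked variant; this is not the kernel's code. The function names, the 64-byte node, the 16-byte key buffer and the sample records are constructed for illustration, and the model assumes a key record that starts with a big-endian 16-bit length field.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NODE_SIZE   64   /* constructed; real B-tree nodes are larger */
#define KEY_BUF_MAX 16   /* constructed capacity of the destination key buffer */

/* HFS+ stores on-disk integers big-endian. */
uint16_t be16_at(const uint8_t *node, size_t off)
{
    return (uint16_t)((node[off] << 8) | node[off + 1]);
}

/* Unchecked pattern: the copy size is taken straight from the disk image. */
size_t read_key_unchecked(const uint8_t *node, size_t off, uint8_t *key)
{
    size_t key_len = (size_t)be16_at(node, off) + 2;  /* length field + payload */
    memcpy(key, node + off, key_len);                 /* can run past key[] */
    return key_len;
}

/* Checked pattern: returns bytes copied, or 0 when the record is rejected. */
size_t read_key_checked(const uint8_t *node, size_t node_size,
                        size_t off, uint8_t *key, size_t key_cap)
{
    if (node_size < 2 || off > node_size - 2) return 0;  /* length field out of range */
    size_t key_len = (size_t)be16_at(node, off) + 2;
    if (key_len > key_cap || key_len > node_size - off) {
        memset(key, 0, key_cap);   /* callers never see a half-filled key */
        return 0;
    }
    memcpy(key, node + off, key_len);
    return key_len;
}

/* Constructed node with one key record at offset 8, read with the checked path. */
size_t demo(uint16_t on_disk_len)
{
    uint8_t node[NODE_SIZE] = {0};
    uint8_t key[KEY_BUF_MAX];
    node[8] = (uint8_t)(on_disk_len >> 8);
    node[9] = (uint8_t)(on_disk_len & 0xff);
    return read_key_checked(node, sizeof node, 8, key, sizeof key);
}

int main(void)
{
    printf("len 6 -> %zu, len 0xFFFF -> %zu\n", demo(6), demo(0xFFFF));
    return 0;
}
```

The checked variant validates the on-disk length against both the destination capacity and the bytes remaining in the node before any copy takes place.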
Notes
Linux kernel hfsplus slab-out-of-bounds Write