The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.
3.13.0-157.2074.4.0-1023.234.4.0-128.154~14.04.14.4.0-128.1544.4.0-1061.704.15.0-1013.13~16.04.24.13.0-1019.234.15.0-24.26~16.04.14.4.0-1027.324.13.0-1030.33Exploitability
AV:LAC:LPR:NUI:RScope
S:UImpact
C:NI:NA:HCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H