An issue was discovered in the Linux kernel. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory. References: https://bugzilla.kernel.org/show_bug.cgi?id=200297 A suggested upstream patch: https://www.spinics.net/lists/linux-fsdevel/msg130021.html
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1611687]
Note: An HFS+ filesystem is not built for any Red Hat products except for Red Hat Enterprise Linux 5, which is no longer in development and is in Extended Life Phase (https://access.redhat.com/support/policy/updates/errata/#Extended_Life_Cycle_Phase).
Mitigation: If the HFS+ filesystem is not in use, this module can be blacklisted and prevented from being loaded. See https://access.redhat.com/solutions/41278 for instructions on how to blacklist the 'hfsplus.ko' kernel module.