An issue was discovered in the Linux kernel. A NULL pointer dereference and panic in hfsplus_lookup() in the fs/hfsplus/dir.c function can occur when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.
If the HFS+ filesystem is not in use, this module can be blacklisted and prevented from being loaded. See <https://access.redhat.com/solutions/41278> for instructions on how to blacklist the 'hfsplus.ko' kernel module.