CVE Reference: CVE-2012-2100

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2012-2100

Description:
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.

CVE Status:
Candidate

References:

REDHAT
  http://rhn.redhat.com/errata/RHSA-2012-1445.html
  http://rhn.redhat.com/errata/RHSA-2012-1580.html

MLIST
  http://www.openwall.com/lists/oss-security/2012/04/12/11

CONFIRM
  http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2
  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b

BID
  53414


Return to the previous page.