CVE-2009-4308
6.4 Medium
AI Score
Confidence
High
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.07 Low
EPSS
Percentile
93.9%
The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal.
References
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=78f1ddbb498283c2445c11b0dfa666424c301803
lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
secunia.com/advisories/37658
secunia.com/advisories/38017
secunia.com/advisories/38276
secunia.com/advisories/43315
www.debian.org/security/2010/dsa-2005
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32
www.mandriva.com/security/advisories?name=MDVSA-2010:198
www.redhat.com/support/errata/RHSA-2010-0147.html
www.securityfocus.com/archive/1/516397/100/0/threaded
www.vmware.com/security/advisories/VMSA-2011-0003.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11103
Social References
More
Related
6.4 Medium
AI Score
Confidence
High
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.07 Low
EPSS
Percentile
93.9%