CVSS2 Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |
Vector | AV:L/AC:L/Au:N/C:N/I:N/A:C |

EPSS Percentile: 5.1%

The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linux
kernel before 3.3.1 does not properly handle the _Delay and _Unwritten
buffer head states, which allows local users to cause a denial of service
(system crash) by leveraging the presence of an ext4 filesystem that was
mounted with a journal.
Author | Note |
---|---|
apw | This is sitting in Ted Ts’o’s dev tree, presumably waiting on the 3.4 merge window; the issue is masked from v3.2 onwards by other commits. The commit itself is marked for stable and for now I suspect we should wait for it. We have no stable commit id as yet, see: "jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer". This has now appeared upstream (see below). |
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | linux | < 2.6.24-31.101 | UNKNOWN |
ubuntu | 10.04 | noarch | linux | < 2.6.32-41.89 | UNKNOWN |
ubuntu | 11.04 | noarch | linux | < 2.6.38-15.59 | UNKNOWN |
ubuntu | 11.10 | noarch | linux | < 3.0.0-19.32 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-345.48 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-lts-backport-natty | < 2.6.38-15.59~lucid1 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-lts-backport-oneiric | < 3.0.0-19.32~lucid1 | UNKNOWN |
ubuntu | 11.04 | noarch | linux-ti-omap4 | < 2.6.38-1209.24 | UNKNOWN |
ubuntu | 11.10 | noarch | linux-ti-omap4 | < 3.0.0-1209.20 | UNKNOWN |
thread.gmane.org/gmane.comp.file-systems.ext4/30623
launchpad.net/bugs/cve/CVE-2011-4086
nvd.nist.gov/vuln/detail/CVE-2011-4086
rhn.redhat.com/errata/RHSA-2012-0107.html
security-tracker.debian.org/tracker/CVE-2011-4086
ubuntu.com/security/notices/USN-1431-1
ubuntu.com/security/notices/USN-1432-1
ubuntu.com/security/notices/USN-1433-1
ubuntu.com/security/notices/USN-1440-1
ubuntu.com/security/notices/USN-1445-1
ubuntu.com/security/notices/USN-1446-1
ubuntu.com/security/notices/USN-1453-1
ubuntu.com/security/notices/USN-1454-1
ubuntu.com/security/notices/USN-1458-1
www.cve.org/CVERecord?id=CVE-2011-4086