Lucene search

K
ubuntucveUbuntu.comUB:CVE-2012-2100
HistoryApr 12, 2012 - 12:00 a.m.

CVE-2012-2100

2012-04-1200:00:00
ubuntu.com
ubuntu.com
16

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.029 Low

EPSS

Percentile

90.8%

The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel
before 3.2.2, on the x86 platform and unspecified other platforms, allows
user-assisted remote attackers to trigger inconsistent filesystem-groups
data and possibly cause a denial of service via a malformed ext4 filesystem
containing a super block with a large FLEX_BG group size (aka
s_log_groups_per_flex value). NOTE: this vulnerability exists because of an
incomplete fix for CVE-2009-4307.

Bugs

Notes

Author Note
apw although the description indicates only PPC is affected, my reading of the patch commentary might well say its only PPC which is not affected
jj looking at this PPC is one of the few architectures where the original patch for CVE-2009-4307 actually worked. It does not on x86 nor on the clang compiler which optimizes away the check hence, the new CVE and patch

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.029 Low

EPSS

Percentile

90.8%