Your submission was sent successfully! Close

CVE-2009-0745

Published: 27 February 2009

The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.

From the Ubuntu Security Team

The ext4 filesystem did not correctly clear group descriptors when resizing. A local attacker could exploit this to crash the system, leading to a denial of service.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy
Released (2.6.24-23.52)
intrepid
Released (2.6.27-11.31)
jaunty Not vulnerable

upstream Needs triage

linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper Not vulnerable

gutsy Does not exist

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

upstream Needs triage

linux-source-2.6.22
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy
Released (2.6.22-16.62)
hardy Does not exist

intrepid Does not exist

jaunty Does not exist

upstream Needs triage