Published: 20 August 2010

Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation.

From the Ubuntu security team

Toshiyuki Okajima discovered that ext4 did not correctly check certain parameters. A local attacker could exploit this to crash the system or overwrite the last block of large files.