Published: 12 April 2012
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.
From the Ubuntu security team
A flaw was found in the Linux kernel's ext4 file system when mounting a corrupt filesystem. A user-assisted remote attacker could exploit this flaw to cause a denial of service.
although the description indicates only PPC is affected, my reading of the patch commentary might well say its only PPC which is not affected
looking at this PPC is one of the few architectures where the original patch for CVE-2009-4307 actually worked. It does not on x86 nor on the clang compiler which optimizes away the check hence, the new CVE and patch