CVE-2012-2100

Published: 12 April 2012

The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.

From the Ubuntu security team

A flaw was found in the Linux kernel's ext4 file system when mounting a corrupt filesystem. A user-assisted remote attacker could exploit this flaw to cause a denial of service.

Priority

Low

Status

Package                      Release   Status
linux                        Upstream  Released (3.3~rc1)
linux-armadaxp               Upstream  Released (3.3~rc1)
linux-aws                    Upstream  Released (3.3~rc1)
linux-ec2                    Upstream  Released (3.3~rc1)
linux-flo                    Upstream  Released (3.3~rc1)
linux-fsl-imx51              Upstream  Released (3.3~rc1)
linux-gke                    Upstream  Released (3.3~rc1)
linux-goldfish               Upstream  Released (3.3~rc1)
linux-grouper                Upstream  Released (3.3~rc1)
linux-hwe                    Upstream  Released (3.3~rc1)
linux-hwe-edge               Upstream  Released (3.3~rc1)
linux-lts-backport-maverick  Upstream  Released (3.3~rc1)
linux-lts-backport-natty     Upstream  Released (3.3~rc1)
linux-lts-backport-oneiric   Upstream  Released (3.3~rc1)
linux-lts-quantal            Upstream  Released (3.3~rc1)
linux-lts-raring             Upstream  Released (3.3~rc1)
linux-lts-trusty             Upstream  Released (3.3~rc1)
linux-lts-utopic             Upstream  Released (3.3~rc1)
linux-lts-vivid              Upstream  Released (3.3~rc1)
linux-lts-wily               Upstream  Released (3.3~rc1)
linux-lts-xenial             Upstream  Released (3.3~rc1)
linux-maguro                 Upstream  Released (3.3~rc1)
linux-mako                   Upstream  Released (3.3~rc1)
linux-manta                  Upstream  Released (3.3~rc1)
linux-mvl-dove               Upstream  Released (3.3~rc1)
linux-raspi2                 Upstream  Released (3.3~rc1)
linux-snapdragon             Upstream  Released (3.3~rc1)
linux-ti-omap4               Upstream  Released (3.3~rc1)

Patches (linux):
Introduced by 503358ae01b70ce6909d19dd01287093f6b6271c
Fixed by d50f2ab6f050311dbf7b8f5501b25f0bf64a439b

Notes

Author  Note
apw
although the description indicates only PPC is affected, my reading of the patch commentary might well say it's only PPC which is not affected
jj
looking at this, PPC is one of the few architectures where the original patch for CVE-2009-4307 actually worked. It does not on x86 nor on the clang compiler, which optimizes away the check; hence the new CVE and patch
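
The failure mode named in the description and in the notes above, as an added example (not the kernel's code or the upstream patch): a check made after the shift never fires when the shift count is masked the way the x86 SHL instruction masks it, while a range check on s_log_groups_per_flex before the shift rejects the large value. The function names, the 1..31 bounds, the 8-bit field width and the sample values are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of x86 SHL on a 32-bit operand: only the low 5 bits of the count
 * are used. In C itself, 1 << n with n >= 32 is undefined behaviour, so the
 * out-of-range shift is never written directly here. */
static uint32_t x86_shl32(uint32_t value, unsigned count)
{
    return value << (count & 31u);
}

/* Check placed after the shift: a zero result is taken to mean "too large".
 * Returns 1 if the value is accepted, 0 if rejected. */
static int accept_post_shift(uint8_t log_groups_per_flex)
{
    uint32_t groups_per_flex = x86_shl32(1u, log_groups_per_flex);
    return groups_per_flex != 0;   /* never 0 under the masking model */
}

/* Range check before any shift. Bounds 1..31 are an assumption, chosen so
 * that 1 << log fits in 32 bits; anything else is rejected. */
static int accept_range_checked(uint8_t log_groups_per_flex,
                                uint32_t *groups_per_flex)
{
    if (log_groups_per_flex < 1 || log_groups_per_flex > 31)
        return 0;
    *groups_per_flex = 1u << log_groups_per_flex;
    return 1;
}

int main(void)
{
    /* Constructed sample values for the superblock field. */
    const uint8_t samples[] = { 0, 4, 31, 32, 36, 255 };

    for (size_t i = 0; i < sizeof samples; i++) {
        uint32_t groups = 0;
        int ranged = accept_range_checked(samples[i], &groups);
        printf("log=%3u post-shift=%s range-check=%s groups_per_flex=%u\n",
               (unsigned)samples[i],
               accept_post_shift(samples[i]) ? "accept" : "reject",
               ranged ? "accept" : "reject", (unsigned)groups);
    }
    return 0;
}
```

For 32, 36 and 255 the post-shift check accepts a group count that does not match the field, while the range check rejects all three.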
