Lumension® Endpoint Intelligence Center


Vulnerability Score 7.1
CVE Id CVE-2012-2100
Last Modified 07 Feb 2013 11:49:48
Published 03 Jul 2012 12:40:32
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.

Vulnerable Systems

Operating System

  • Linux Kernel 3.2

  • Linux Kernel 3.2.1


CONFIRM -;a=commit;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b



MLIST - [oss-security] 20120412 Re: fix to CVE-2009-4307


BID - 53414

REDHAT - RHSA-2012:1445

REDHAT - RHSA-2012:1580

Related Patches

Red Hat 2012:1445-01 RHSA Low: kernel security and bug fix update for RHEL 5 x86

Last Updated: 27 May 2016 10:58:31