Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.1
CVE Id CVE-2012-2100
Last Modified 07 Feb 2013 11:49:48
Published 03 Jul 2012 12:40:32
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2100

Summary

The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.

Vulnerable Systems

Operating System

  • Linux Kernel 3.2

  • Linux Kernel 3.2.1


References

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b

CONFIRM - https://github.com/torvalds/linux/commit/d50f2ab6f050311dbf7b8f5501b25f0bf64a439b

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=809687

MLIST - [oss-security] 20120412 Re: fix to CVE-2009-4307

CONFIRM - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2

BID - 53414

REDHAT - RHSA-2012:1445

REDHAT - RHSA-2012:1580

Related Patches

Red Hat 2012:1445-01 RHSA Low: kernel security and bug fix update for RHEL 5 x86


Last Updated: 27 May 2016 10:58:31