- Description
- The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.1
- Impact score
- 6.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:N/A:C
- nvd@nist.gov
- CWE-189
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "5E08D2B1-601B-4184-8C01-3F7BB9258146",
"versionEndIncluding": "3.2.1"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "7D47A395-821D-4BFF-996E-E849D9A40217"
}
],
"operator": "OR"
}
]
}
]