CVE-2012-2100 - The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 pla

CVE-2012-2100

Summary

The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:2.6.33.7:*:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:2.6.33.7:*:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:x86:*
cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:x86:*

CVSS

Base:	7.1 (as of 13-02-2023 - 04:33)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:C

redhat via4

advisories

bugzilla

id	859946
title	kernel: xen: change the default behaviour of CVE-2012-2934 fix [rhel-5.8.z]

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

comment kernel earlier than 0:2.6.18-308.20.1.el5 is currently running
oval oval:com.redhat.rhsa:tst:20121445025
comment kernel earlier than 0:2.6.18-308.20.1.el5 is set to boot up on next boot
oval oval:com.redhat.rhsa:tst:20121445026

AND
comment kernel is earlier than 0:2.6.18-308.20.1.el5
oval oval:com.redhat.rhsa:tst:20121445001
comment kernel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314002
AND
comment kernel-PAE is earlier than 0:2.6.18-308.20.1.el5
oval oval:com.redhat.rhsa:tst:20121445003
comment kernel-PAE is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314004

AND

comment kernel-PAE-devel is earlier than 0:2.6.18-308.20.1.el5
oval oval:com.redhat.rhsa:tst:20121445005
comment kernel-PAE-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314006

AND

comment kernel-debug is earlier than 0:2.6.18-308.20.1.el5
oval oval:com.redhat.rhsa:tst:20121445007
comment kernel-debug is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314008

AND

comment kernel-debug-devel is earlier than 0:2.6.18-308.20.1.el5
oval oval:com.redhat.rhsa:tst:20121445009
comment kernel-debug-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314010

AND

comment kernel-devel is earlier than 0:2.6.18-308.20.1.el5
oval oval:com.redhat.rhsa:tst:20121445011
comment kernel-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314012

AND
comment kernel-doc is earlier than 0:2.6.18-308.20.1.el5
oval oval:com.redhat.rhsa:tst:20121445013
comment kernel-doc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314014

AND

comment kernel-headers is earlier than 0:2.6.18-308.20.1.el5
oval oval:com.redhat.rhsa:tst:20121445015
comment kernel-headers is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314016

AND

comment kernel-kdump is earlier than 0:2.6.18-308.20.1.el5
oval oval:com.redhat.rhsa:tst:20121445017
comment kernel-kdump is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314018

AND

comment kernel-kdump-devel is earlier than 0:2.6.18-308.20.1.el5
oval oval:com.redhat.rhsa:tst:20121445019
comment kernel-kdump-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314020

AND
comment kernel-xen is earlier than 0:2.6.18-308.20.1.el5
oval oval:com.redhat.rhsa:tst:20121445021
comment kernel-xen is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314022

AND

comment kernel-xen-devel is earlier than 0:2.6.18-308.20.1.el5
oval oval:com.redhat.rhsa:tst:20121445023
comment kernel-xen-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314024

rhsa

id	RHSA-2012:1445
released	2012-11-13
severity	Low
title	RHSA-2012:1445: kernel security and bug fix update (Low)

rhsa
id RHSA-2012:1580

rpms

kernel-0:2.6.18-308.20.1.el5
kernel-PAE-0:2.6.18-308.20.1.el5
kernel-PAE-debuginfo-0:2.6.18-308.20.1.el5
kernel-PAE-devel-0:2.6.18-308.20.1.el5
kernel-debug-0:2.6.18-308.20.1.el5
kernel-debug-debuginfo-0:2.6.18-308.20.1.el5
kernel-debug-devel-0:2.6.18-308.20.1.el5
kernel-debuginfo-0:2.6.18-308.20.1.el5
kernel-debuginfo-common-0:2.6.18-308.20.1.el5
kernel-devel-0:2.6.18-308.20.1.el5
kernel-doc-0:2.6.18-308.20.1.el5
kernel-headers-0:2.6.18-308.20.1.el5
kernel-kdump-0:2.6.18-308.20.1.el5
kernel-kdump-debuginfo-0:2.6.18-308.20.1.el5
kernel-kdump-devel-0:2.6.18-308.20.1.el5
kernel-xen-0:2.6.18-308.20.1.el5
kernel-xen-debuginfo-0:2.6.18-308.20.1.el5
kernel-xen-devel-0:2.6.18-308.20.1.el5
kernel-0:2.6.32-279.19.1.el6
kernel-bootwrapper-0:2.6.32-279.19.1.el6
kernel-debug-0:2.6.32-279.19.1.el6
kernel-debug-debuginfo-0:2.6.32-279.19.1.el6
kernel-debug-devel-0:2.6.32-279.19.1.el6
kernel-debuginfo-0:2.6.32-279.19.1.el6
kernel-debuginfo-common-i686-0:2.6.32-279.19.1.el6
kernel-debuginfo-common-ppc64-0:2.6.32-279.19.1.el6
kernel-debuginfo-common-s390x-0:2.6.32-279.19.1.el6
kernel-debuginfo-common-x86_64-0:2.6.32-279.19.1.el6
kernel-devel-0:2.6.32-279.19.1.el6
kernel-doc-0:2.6.32-279.19.1.el6
kernel-firmware-0:2.6.32-279.19.1.el6
kernel-headers-0:2.6.32-279.19.1.el6
kernel-kdump-0:2.6.32-279.19.1.el6
kernel-kdump-debuginfo-0:2.6.32-279.19.1.el6
kernel-kdump-devel-0:2.6.32-279.19.1.el6
perf-0:2.6.32-279.19.1.el6
perf-debuginfo-0:2.6.32-279.19.1.el6
python-perf-0:2.6.32-279.19.1.el6
python-perf-debuginfo-0:2.6.32-279.19.1.el6

refmap via4

bid	53414
confirm	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2 https://bugzilla.redhat.com/show_bug.cgi?id=809687 https://github.com/torvalds/linux/commit/d50f2ab6f050311dbf7b8f5501b25f0bf64a439b
mlist	[oss-security] 20120412 Re: fix to CVE-2009-4307

Last major update

13-02-2023 - 04:33

Published

03-07-2012 - 16:40

Last modified

13-02-2023 - 04:33