CVE-2012-2100

NameCVE-2012-2100
DescriptionThe ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linux-2.6sourcesqueeze2.6.32-41squeeze1
linux-2.6source(unstable)3.2.2-1

Notes

incomplete fix of CVE-2009-4307, introducing another issue:
https://lkml.org/lkml/2012/2/20/422

Search for package or bug name: Reporting problems