Candidate: CVE-2009-0748
Description:
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel
2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate
the superblock configuration, which allows local users to cause a
denial of service (NULL pointer dereference and OOPS) by attempting
to mount a crafted ext4 filesystem.
References:
Ubuntu-Description:
Notes:
jmm> ext4 is marked as experimental and the vulnerability fairly
jmm> obscure, I don't think we should spend energy on this. Dann,
jmm> if you don't object I'll mark this as "unimportant" in the
jmm> security tracker
Bugs:
upstream: released (2.6.28.7, 2.6.29-rc1)
linux-2.6: released (2.6.29-1)
2.6.18-etch-security: N/A
2.6.24-etch-security: ignored "code has changed - likely vulnerable, but not important enough to port"
2.6.26-lenny-security: released (2.6.26-13lenny2) [bugfix/all/ext4-add-sanity-checks-for-the-superblock-before-mounting.patch]
2.6.15-dapper-security:
2.6.22-gutsy-security:
2.6.24-hardy-security:
2.6.27-intrepid-security: