|Bugzilla:||547251: CVE-2009-4307 kernel: ext4: avoid divide by zero when trying to mount a corrupted file system|
The MITRE CVE dictionary describes this issue as:
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).
Red Hat is aware of this issue and is tracking it via the following bug:
The Linux kernel packages as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG do not include support for EXT4, and therefore are not affected by this issue.
A future kernel update for Red Hat Enterprise Linux 5 will address this flaw.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux EUS (v. 5.4 server) (kernel)||RHSA-2010:0380||April 27, 2010|
|Red Hat Enterprise Linux version 5 (kernel)||RHSA-2010:0178||March 29, 2010|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.