CVE-2009-4307
PUBLISHED
Reported by mitre · Published December 13, 2009
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a |
Timeline
- Dec 13, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Jun 23, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
References
- 38276 (third-party-advisory, x_refsource_SECUNIA)
- x_refsource_CONFIRM
- [linux-kernel] 20091209 [GIT PULL] ext4 updates for v2.6.33 (mailing-list, x_refsource_MLIST)
- RHSA-2010:0380 (vendor-advisory, x_refsource_REDHAT)
- x_refsource_CONFIRM
- oval:org.mitre.oval:def:9874 (vdb-entry, signature, x_refsource_OVAL)
- SUSE-SA:2010:001 (vendor-advisory, x_refsource_SUSE)
- x_refsource_CONFIRM
- 37658 (third-party-advisory, x_refsource_SECUNIA)
- SUSE-SA:2010:005 (vendor-advisory, x_refsource_SUSE)
- MDVSA-2011:029 (vendor-advisory, x_refsource_MANDRIVA)
- 38017 (third-party-advisory, x_refsource_SECUNIA)