Bug 1936786 (CVE-2021-3428)
Summary: | CVE-2021-3428 kernel: integer overflow in ext4_es_cache_extent | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, bhu, blc, bmasney, bxue, chwhite, dvlasenk, hdegoede, hkrzesin, jarodwilson, jeremy, jforbes, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, kyoshida, lgoncalv, linville, masami256, mchehab, mlangsdo, nmurray, ptalbert, qzhao, rkeshri, rvrbovsk, steved, walters, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kernel 5.9-rc2 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1937730, 1937731, 1937732, 1937733, 1936787, 1938517, 1938518, 1938519, 1938520, 1938521 | ||
Bug Blocks: | 1919799, 1972621 |
Description
Dhananjay Arunesh
2021-03-09 07:11:26 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1936787] Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. This was fixed for Fedora with the 5.8.6 stable kernel update. The kernel packages as shipped in following Red Hat products were previously updated to a version that contains the fix via the following errata: kernel in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2021:1578 kernel-rt in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2021:1739 |