Bug 1936786 (CVE-2021-3428) - CVE-2021-3428 kernel: integer overflow in ext4_es_cache_extent
Summary: CVE-2021-3428 kernel: integer overflow in ext4_es_cache_extent
Status: NEW
Alias: CVE-2021-3428
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nobody
QA Contact:
Depends On: 1937730 1937731 1937732 1937733 1936787 1938517 1938518 1938519 1938520 1938521
Blocks: 1919799 1972621
TreeView+ depends on / blocked
Reported: 2021-03-09 07:11 UTC by Dhananjay Arunesh
Modified: 2023-09-19 14:13 UTC (History)
38 users (show)

Fixed In Version: kernel 5.9-rc2
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Dhananjay Arunesh 2021-03-09 07:11:26 UTC
The Linux kernel's ext4 file system implementation contains an integer overflow that can be triggered by mounting a crafted file system. The problem occurs in ext4_es_cache_extent(), when lblk + len exceeds 2^32.

Comment 1 Dhananjay Arunesh 2021-03-09 07:12:18 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1936787]

Comment 4 Rohit Keshri 2021-03-10 19:38:18 UTC

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 15 Justin M. Forbes 2021-04-13 16:07:10 UTC
This was fixed for Fedora with the 5.8.6 stable kernel update.

Comment 36 Mauro Matteo Cascella 2023-08-01 09:28:17 UTC
The kernel packages as shipped in following Red Hat products were previously updated to a version that contains the fix via the following errata:

kernel in Red Hat Enterprise Linux 8

kernel-rt in Red Hat Enterprise Linux 8

Note You need to log in before you can comment on or make changes to this bug.