Red Hat Bugzilla – Bug 487942
CVE-2009-0747 kernel: ext4: ext4_isize() denial of service
Last modified: 2011-10-25 13:41:05 EDT
Description of problem:
The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 220.127.116.11 and 2.6.28 before 18.104.22.168 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem.
Created attachment 333652 [details]
Steps to reproduce:
bunzip the image file enclosed and mount the image with mount -t ext4 -o loop
mrg-1 is affected by CONFIG_EXT4DEV_FS is not set by default.
CVSS2 score of medium, 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:1243 https://rhn.redhat.com/errata/RHSA-2009-1243.html
All children bugs closed, parent no longer needed