Bug 547251 – CVE-2009-4307 kernel: ext4: avoid divide by zero when trying to mount a corrupted file system

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 547251 - (CVE-2009-4307) CVE-2009-4307 kernel: ext4: avoid divide by zero when trying to mount a corrupted file system

Summary:	CVE-2009-4307 kernel: ext4: avoid divide by zero when trying to mount a corru...

Status:	CLOSED ERRATA

Aliases:	CVE-2009-4307

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	reported=20091214,public=20091123,sou...
Keywords:	Security

Depends On:	547252 547253
Blocks:
	Show dependency tree / graph

Reported:	2009-12-14 00:47 EST by Eugene Teo (Security Response)
Modified:	2015-02-16 10:48 EST (History)
CC List:	10 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-04-12 16:18:36 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
corrupted image for this issue (760.06 KB, application/x-gzip) 2009-12-14 00:50 EST, Eugene Teo (Security Response)	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2010:0178	normal	SHIPPED_LIVE	Important: Red Hat Enterprise Linux 5.5 kernel security and bug fix update	2010-03-29 08:18:21 EDT
Red Hat Product Errata	RHSA-2010:0380	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2010-04-27 08:46:01 EDT

Groups: None (edit)

Description Eugene Teo (Security Response) 2009-12-14 00:47:17 EST

Description of problem:
ext4: avoid divide by zero when trying to mount a corrupted file system
    
If s_log_groups_per_flex is greater than 31, then groups_per_flex will overflow and cause a divide by zero error.  This can cause kernel BUG if such a file system is mounted.
    
Upstream commit: 
http://git.kernel.org/linus/503358ae01b70ce6909d19dd01287093f6b6271c

References:
http://bugzilla.kernel.org/show_bug.cgi?id=14287
http://secunia.com/advisories/37658

Comment 2 Eugene Teo (Security Response) 2009-12-14 00:50:19 EST

Created attachment 378143 [details]
corrupted image for this issue

Comment 3 Aristeu Rozanski 2010-01-26 08:32:11 EST

Patch present on the current RHEL6 git tree.

Comment 4 errata-xmlrpc 2010-03-30 02:49:08 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0178 https://rhn.redhat.com/errata/RHSA-2010-0178.html

Comment 7 errata-xmlrpc 2010-04-27 08:46:11 EDT

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5.4.Z - Server Only

Via RHSA-2010:0380 https://rhn.redhat.com/errata/RHSA-2010-0380.html

Comment 10 Eugene Teo (Security Response) 2010-11-04 03:59:53 EDT

Statement:
The Linux kernel packages as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG do not include support for EXT4, and therefore are not affected by this issue. It was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0380.html.

Note You need to log in before you can comment on or make changes to this bug.