Commit 503358ae01b70ce6909d19dd01287093f6b6271c ("ext4: avoid divide by zero when trying to mount a corrupted file system") fixes CVE-2009-4307 by performing a sanity check on s_log_groups_per_flex, since it can be set to a bogus value by an attacker.

More info from Wang Xi:

The first commit (503358ae) fixes the division by zero. The fix is not perfect because:

1) Theoretically, a standard-conforming C compiler could generate code that is still vulnerable to division by zero, but I was not aware of any compilers doing that.

2) Logically, we should have groups_per_flex = 2^s_log_groups_per_flex, and the fix doesn't really ensure that. This is obviously not good, but not sure how bad the consequence would be.

Introduced by: http://git.kernel.org/linus/503358ae01b70ce6909d19dd01287093f6b6271c
Upstream commit: http://git.kernel.org/linus/d50f2ab6f050311dbf7b8f5501b25f0bf64a439b
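The two points quoted above, as an added example that is not code from the kernel or from this report: a simplified C model that validates the exponent before shifting, beside a shift-then-check variant. The function names, the 8-bit exponent type and the shape of the first function are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Shift-then-check (illustrative "before" shape, not kernel source).
 * The shift runs before any validation. In C, a shift count >= the width
 * of the promoted left operand is undefined behavior, so the later test on
 * the result proves nothing for such inputs. Only call with log < width. */
unsigned int groups_per_flex_unchecked(uint8_t log_groups_per_flex)
{
    unsigned int groups = 1u << log_groups_per_flex;
    if (groups < 2)
        return 0;               /* 0 models "flex_bg disabled" */
    return groups;
}

/* Check-then-shift: reject the exponent itself. Every accepted input then
 * yields exactly 2^log, and the shift is always well defined. */
unsigned int groups_per_flex_checked(uint8_t log_groups_per_flex)
{
    const unsigned int width = sizeof(unsigned int) * CHAR_BIT;
    if (log_groups_per_flex < 1 || log_groups_per_flex >= width)
        return 0;               /* bogus on-disk value: disable, never shift */
    return 1u << log_groups_per_flex;
}

static int is_power_of_two(unsigned int v)
{
    return v != 0 && (v & (v - 1)) == 0;
}

/* Walk every value an 8-bit on-disk field can hold. Returns the number of
 * accepted exponents, or -1 if any accepted one breaks the 2^log invariant
 * or produces a divisor below 2. */
int count_accepted_exponents(void)
{
    int accepted = 0;
    for (unsigned int log = 0; log <= UINT8_MAX; log++) {
        unsigned int g = groups_per_flex_checked((uint8_t)log);
        if (g == 0)
            continue;
        if (!is_power_of_two(g) || g < 2 || g != (1u << log))
            return -1;
        accepted++;
    }
    return accepted;
}

int main(void)
{
    printf("accepted exponents: %d\n", count_accepted_exponents());
    return 0;
}
```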
Created kernel tracking bugs for this issue
Affects: fedora-all [bug 809693]
Upstream commit d50f2ab6 suffers from a buffer overflow issue, see https://lkml.org/lkml/2012/2/20/422.
This was assigned the name CVE-2012-2100: http://www.openwall.com/lists/oss-security/2012/04/12/11
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise MRG 2.
This issue has been addressed in following products:
  Red Hat Enterprise Linux 5
Via RHSA-2012:1445 https://rhn.redhat.com/errata/RHSA-2012-1445.html
This issue has been addressed in following products:
  Red Hat Enterprise Linux 6
Via RHSA-2012:1580 https://rhn.redhat.com/errata/RHSA-2012-1580.html