1936786 – (CVE-2021-3428) CVE-2021-3428 kernel: integer overflow in ext4_es_cache_extent

Bug 1936786 (CVE-2021-3428) - CVE-2021-3428 kernel: integer overflow in ext4_es_cache_extent

Summary: CVE-2021-3428 kernel: integer overflow in ext4_es_cache_extent

Keywords:
Status:	NEW
Alias:	CVE-2021-3428
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1937730 1937731 1937732 1937733 1936787 1938517 1938518 1938519 1938520 1938521
Blocks:	1919799 1972621
TreeView+	depends on / blocked

Reported:	2021-03-09 07:11 UTC by Dhananjay Arunesh
Modified:	2023-09-19 14:13 UTC (History)
CC List:	38 users (show)
Fixed In Version:	kernel 5.9-rc2
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2021-03-09 07:11:26 UTC

The Linux kernel's ext4 file system implementation contains an integer overflow that can be triggered by mounting a crafted file system. The problem occurs in ext4_es_cache_extent(), when lblk + len exceeds 2^32.

Comment 1 Dhananjay Arunesh 2021-03-09 07:12:18 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1936787]

Comment 4 Rohit Keshri 2021-03-10 19:38:18 UTC

Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 15 Justin M. Forbes 2021-04-13 16:07:10 UTC

This was fixed for Fedora with the 5.8.6 stable kernel update.

Comment 36 Mauro Matteo Cascella 2023-08-01 09:28:17 UTC

The kernel packages as shipped in following Red Hat products were previously updated to a version that contains the fix via the following errata:

kernel in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2021:1578

kernel-rt in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2021:1739

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
bhu
blc
bmasney
bxue
chwhite
dvlasenk
hdegoede
hkrzesin
jarodwilson
jeremy
jforbes
jlelli
jonathan
josef
jshortt
jstancek
jwboyer
kcarcia
kernel-maint
kernel-mgr
kyoshida
lgoncalv
linville
masami256
mchehab
mlangsdo
nmurray
ptalbert
qzhao
rkeshri
rvrbovsk
steved
walters
williams