Main Vulnerability Database SB2012040401

SB2012040401 - Denial of service in Linux kernel

Published: April 4, 2012 Updated: March 14, 2017

Security Bulletin ID SB2012040401

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Divide By Zero (CVE-ID: CVE-2012-2100)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to divide-by-zero error in the ext4_fill_flex_info() function. By using a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value), a local attacker can trigger kernel panic.

Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

Note: the vulnerability was being actively exploited.

Remediation

Install update from vendor's website.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d50f2ab6f050311dbf7b8f5501...