Vigil@nce: Linux kernel, denials of service via ext4
February 2009 by Vigil@nce
An attacker can create a malicious ext4 filesystem and then mount
it in order to stop the kernel.
– Gravity: 1/4
– Consequences: denial of service of computer
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: low (1/3)
– Number of vulnerabilities in this bulletin: 3
– Creation date: 25/02/2009
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The ext4 filesystem is supported by the Linux kernel since version
2.6.23. Its implementation contains several vulnerabilities
leading to denials of service.
The make_indexed_dir() function of the fs/ext4/namei.c file
incorrectly implements the ".." entry (like VIGILANCE-VUL-8445
(https://vigilance.fr/tree/1/8445)). [grav:1/4]
The ext4_block_to_path() function of the fs/ext4/inode.c file does
not correctly handle i_size_high fields of more than 2G. [grav:1/4]
The ext4_fill_super() function of fs/ext4/super.c file does not
correctly handle superblocks. [grav:1/4]
An attacker can therefore create a malicious ext4 filesystem and
then mount it in order to stop the kernel.
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-8491
– Url: http://vigilance.fr/vulnerability/Linux-kernel-denials-of-service-via-ext4-8491
SUPPLEMENTS
Vulnerability : make_indexed_dir
The make_indexed_dir() function of the fs/ext4/namei.c file
incorrectly implements the ".." entry (like VIGILANCE-VUL-8445
(https://vigilance.fr/tree/1/8445)).
Gravity: 1/4
Vulnerability : ext4_block_to_path
The ext4_block_to_path() function of the fs/ext4/inode.c file
does not correctly handle i_size_high fields of more than 2G.
Gravity: 1/4
Vulnerability : ext4_fill_super
The ext4_fill_super() function of fs/ext4/super.c file does not
correctly handle superblocks.
Gravity: 1/4