Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 388335 (CVE-2011-3638)

Summary: Kernel: ext4 Extent Splitting DoS (CVE-2011-3638)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED    
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://secunia.com/advisories/46489/
Whiteboard:
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2011-10-24 13:42:43 UTC 
From secunia security advisory at $URL:

Description:
An error within the implementation of the ext4 file system when splitting extents can be exploited to cause a "BUG_ON()".

The vulnerability is reported in version 2.6.39.4. Other versions may also be affected.


Solution:
Fixed in the GIT repository.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-03-04 21:50:23 UTC 
CVE-2011-3638 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3638):
  fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified
  extent as dirty in certain cases of extent splitting, which allows local
  users to cause a denial of service (system crash) via vectors involving ext4
  umount and mount operations.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 17:42:44 UTC 
There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.