Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 388335 (CVE-2011-3638) - Kernel: ext4 Extent Splitting DoS (CVE-2011-3638)
Summary: Kernel: ext4 Extent Splitting DoS (CVE-2011-3638)
Status: RESOLVED FIXED
Alias: CVE-2011-3638
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL: https://secunia.com/advisories/46489/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-24 13:42 UTC by Agostino Sarubbo
Modified: 2018-04-04 17:42 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2011-10-24 13:42:43 UTC
From secunia security advisory at $URL:

Description:
An error within the implementation of the ext4 file system when splitting extents can be exploited to cause a "BUG_ON()".

The vulnerability is reported in version 2.6.39.4. Other versions may also be affected.


Solution:
Fixed in the GIT repository.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-03-04 21:50:23 UTC
CVE-2011-3638 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3638):
  fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified
  extent as dirty in certain cases of extent splitting, which allows local
  users to cause a denial of service (system crash) via vectors involving ext4
  umount and mount operations.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 17:42:44 UTC
There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.