CVE-2008-3528 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3528): The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate attackers to cause a denial of service (temporary system hang) by mounting a filesystem that has corrupted dir->i_size and dir->i_blocks values and performing (a) read or (b) write operations. NOTE: there are limited scenarios in which this crosses privilege boundaries.
Excluding hardened, as they do not have 2.6.26.5.

http://lkml.org/lkml/2008/9/13/98
http://lkml.org/lkml/2008/9/13/99
http://lkml.org/lkml/2008/9/17/371

Upstream commits:
- bd39597cbd42a784105a04010100e27267481c67 (ext2)
- cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
- 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4)
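The failure mode in the CVE text, as an added user-space model that is not taken from this report, the kernel source or the upstream commits: a directory scan that logs once per bad block next to one that caps its reports. `struct fake_dir`, `MSG_BURST` and the function names are hypothetical, and the counter stands in for printk output.

```c
#include <stdint.h>
#include <stdio.h>

#define BLOCK_SIZE 4096u
#define MSG_BURST  10u   /* assumed cap on corruption reports per scan */

/* Constructed model of a directory inode; only i_size comes from the CVE text. */
struct fake_dir {
    uint64_t i_size;        /* size claimed by the (possibly corrupt) inode */
    uint64_t valid_blocks;  /* leading blocks that really hold entries */
};

static uint64_t emitted;    /* stands in for lines written to the console */

static void report_bad_block(uint64_t blk) { (void)blk; emitted++; }

static uint64_t dir_blocks(const struct fake_dir *d)
{
    return d->i_size / BLOCK_SIZE + (d->i_size % BLOCK_SIZE != 0);
}

/* Before: one message per bad block, so i_size alone sets the message count. */
static uint64_t scan_unbounded(const struct fake_dir *d)
{
    uint64_t n = dir_blocks(d);
    emitted = 0;
    for (uint64_t b = d->valid_blocks; b < n; b++)
        report_bad_block(b);
    return emitted;
}

/* After: report the first MSG_BURST bad blocks, then one summary line. */
static uint64_t scan_limited(const struct fake_dir *d, uint64_t *suppressed)
{
    uint64_t n = dir_blocks(d), bad = 0;
    emitted = 0;
    for (uint64_t b = d->valid_blocks; b < n; b++)
        if (bad++ < MSG_BURST)
            report_bad_block(b);
    *suppressed = bad > MSG_BURST ? bad - MSG_BURST : 0;
    if (*suppressed)
        emitted++;  /* the summary: "N further errors suppressed" */
    return emitted;
}

int main(void)
{
    /* Constructed sample: 4 GiB claimed size, one block of real entries. */
    struct fake_dir d = { (uint64_t)1 << 32, 1 };
    uint64_t suppressed;
    printf("unbounded: %llu messages\n", (unsigned long long)scan_unbounded(&d));
    printf("limited:   %llu messages, ", (unsigned long long)scan_limited(&d, &suppressed));
    printf("%llu suppressed\n", (unsigned long long)suppressed);
    return 0;
}
```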