Vigil@nce - Linux kernel: denial of service via ext4 extent
July 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use an ext4 filesystem, in order to stop the
kernel.
Severity: 1/4
Creation date: 18/07/2011
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION OF THE VULNERABILITY
The ext4 filesystem uses "extents" to store contiguous information.
A file can be written non linearly: allocation of the total space,
and then filling of blocs in random order. However, if the
penultimate block of a 4Gb extent is written before the last one,
the ext4_ext_put_gap_in_cache() function uses a value which
reaches a limit, and calls the BUG_ON() macro.
A local attacker can therefore use an ext4 filesystem, in order to
stop the kernel.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-ext4-extent-10844