Ubuntu

CVE-2012-2100

  1. Ubuntu
  2. “linux” package
  3. Bugs
  4. Bug #984757
Reported by Andy Whitcroft on 2012-04-18
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Low
Unassigned
Lucid
Fix Released
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
Raring
Invalid
Low
Unassigned
Saucy
Invalid
Low
Unassigned
linux-armadaxp (Ubuntu)
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Precise
Fix Released
Low
Unassigned
Quantal
Fix Released
Low
Unassigned
Raring
Invalid
Low
Unassigned
Saucy
Invalid
Low
Unassigned
linux-ec2 (Ubuntu)
Invalid
Low
Unassigned
Lucid
Fix Released
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
Raring
Invalid
Low
Unassigned
Saucy
Invalid
Low
Unassigned
linux-fsl-imx51 (Ubuntu)
Invalid
Low
Unassigned
Lucid
New
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
Raring
Invalid
Low
Unassigned
Saucy
Invalid
Low
Unassigned
linux-lts-backport-maverick (Ubuntu)
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
Raring
Invalid
Low
Unassigned
Saucy
Invalid
Low
Unassigned
linux-lts-backport-natty (Ubuntu)
Invalid
Low
Unassigned
Lucid
Fix Released
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
Raring
Invalid
Low
Unassigned
Saucy
Invalid
Low
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Invalid
Low
Unassigned
Lucid
Fix Released
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
Raring
Invalid
Low
Unassigned
Saucy
Invalid
Low
Unassigned
linux-lts-quantal (Ubuntu)
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
Raring
Invalid
Low
Unassigned
Saucy
Invalid
Low
Unassigned
linux-lts-raring (Ubuntu)
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
Raring
Invalid
Low
Unassigned
Saucy
Invalid
Low
Unassigned
linux-mvl-dove (Ubuntu)
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
Raring
Invalid
Low
Unassigned
Saucy
Invalid
Low
Unassigned
linux-ti-omap4 (Ubuntu)
Invalid
Low
Unassigned
Lucid
Invalid
Low
Unassigned
Precise
Invalid
Low
Unassigned
Quantal
Invalid
Low
Unassigned
Raring
Invalid
Low
Unassigned
Saucy
Invalid
Low
Unassigned
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.

Break-Fix: 503358ae01b70ce6909d19dd01287093f6b6271c d50f2ab6f050311dbf7b8f5501b25f0bf64a439b

See original description
Andy Whitcroft (apw) wrote :

CVE-2012-2100

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
security vulnerability: no → yes
Changed in linux (Ubuntu Natty):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Stefan Bader (smb) on 2012-04-20
Changed in linux (Ubuntu Natty):
status: In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Natty):
status: New → Fix Committed
John Johansen (jjohansen) on 2012-04-23
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
description: updated
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → Low
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux (Ubuntu Precise):
importance: Undecided → Low
Changed in linux (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → Low
John Johansen (jjohansen) on 2012-04-26
Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: Fix Committed → Fix Released
John Johansen (jjohansen) on 2012-05-01
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Low
John Johansen (jjohansen) on 2012-05-03
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
John Johansen (jjohansen) on 2012-05-04
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
importance: Undecided → Low
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.38-15.59

---------------
linux (2.6.38-15.59) natty-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #987281

  [ Brad Figg ]

  * SAUCE (no-up) Provide a param for allowing the BIOS to handle changing
    the brightness on AC/battery status changes.
    - LP: #949311

  [ Tim Gardner ]

  * SAUCE: ubuntu drivers: use UMH_WAIT_PROC consistently
    - LP: #963685
  * SAUCE: disable_nx should not be in __cpuinitdata section for X86_32
    - LP: #968233
  * SAUCE: (no-up) remove __initdata from vesafb_fix
    - LP: #969309

  [ Upstream Kernel Changes ]

  * usermodehelper: use UMH_WAIT_PROC consistently
    - LP: #963685
  * usermodehelper: introduce umh_complete(sub_info)
    - LP: #963685
  * usermodehelper: implement UMH_KILLABLE
    - LP: #963685
  * usermodehelper: kill umh_wait, renumber UMH_* constants
    - LP: #963685
  * usermodehelper: ____call_usermodehelper() doesn't need do_exit()
    - LP: #963685
  * kmod: introduce call_modprobe() helper
    - LP: #963685
  * kmod: make __request_module() killable
    - LP: #963685
  * drm/i915: Fixes distorted external screen image on HP 2730p
    - LP: #796030
  * ext4: fix undefined behavior in ext4_fill_flex_info()
    - LP: #984757
    - CVE-2012-2100
  * jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer
    - LP: #929781
    - CVE-2011-4086
  * cifs: fix dentry refcount leak when opening a FIFO on lookup
    - LP: #947997
    - CVE-2012-1090
 -- Luis Henriques <email address hidden> Mon, 23 Apr 2012 14:02:53 +0100

Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-backport-natty - 2.6.38-15.59~lucid1

---------------
linux-lts-backport-natty (2.6.38-15.59~lucid1) lucid-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #990208

  [ Brad Figg ]

  * SAUCE (no-up) Provide a param for allowing the BIOS to handle changing
    the brightness on AC/battery status changes.
    - LP: #949311

  [ Tim Gardner ]

  * SAUCE: ubuntu drivers: use UMH_WAIT_PROC consistently
    - LP: #963685
  * SAUCE: disable_nx should not be in __cpuinitdata section for X86_32
    - LP: #968233
  * SAUCE: (no-up) remove __initdata from vesafb_fix
    - LP: #969309

  [ Upstream Kernel Changes ]

  * usermodehelper: use UMH_WAIT_PROC consistently
    - LP: #963685
  * usermodehelper: introduce umh_complete(sub_info)
    - LP: #963685
  * usermodehelper: implement UMH_KILLABLE
    - LP: #963685
  * usermodehelper: kill umh_wait, renumber UMH_* constants
    - LP: #963685
  * usermodehelper: ____call_usermodehelper() doesn't need do_exit()
    - LP: #963685
  * kmod: introduce call_modprobe() helper
    - LP: #963685
  * kmod: make __request_module() killable
    - LP: #963685
  * drm/i915: Fixes distorted external screen image on HP 2730p
    - LP: #796030
  * ext4: fix undefined behavior in ext4_fill_flex_info()
    - LP: #984757
    - CVE-2012-2100
  * jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer
    - LP: #929781
    - CVE-2011-4086
  * cifs: fix dentry refcount leak when opening a FIFO on lookup
    - LP: #947997
    - CVE-2012-1090
 -- Luis Henriques <email address hidden> Mon, 30 Apr 2012 09:52:55 +0100

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.24

---------------
linux-ti-omap4 (2.6.38-1209.24) natty-proposed; urgency=low

  * Release Tracking Bug
    - LP: #990206

  [ Upstream Kernel Changes ]

  * ext4: fix undefined behavior in ext4_fill_flex_info()
    - LP: #984757
    - CVE-2012-2100
  * jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer
    - LP: #929781
    - CVE-2011-4086
  * cifs: fix dentry refcount leak when opening a FIFO on lookup
    - LP: #947997
    - CVE-2012-1090
 -- Paolo Pisati <email address hidden> Fri, 30 Apr 2012 10:12:35 +0200

Changed in linux-ti-omap4 (Ubuntu Natty):
status: Fix Committed → Fix Released
John Johansen (jjohansen) on 2012-07-05
description: updated
Ike Panhc (ikepanhc) wrote :

Patch 503358ae01b70ce6909d19dd01287093f6b6271c d50f2ab6f050311dbf7b8f5501b25f0bf64a439b already in upstream 3.5

Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Ike Panhc (ikepanhc) wrote :

03358ae01b70ce6909d19dd01287093f6b6271c ext4: avoid divide by zero when trying to mount a corrupted file system in upstream 2.6.32-rc8
e2860111eaf589699ff399191dd13b5d3409ef2b ext4: fix undefined behavior in ext4_fill_flex_info() is in linux-armadaxp through 3.2.2 and Ubuntu-3.2.0-12.20

Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
John Johansen (jjohansen) on 2012-10-25
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: Fix Committed → Fix Released
John Johansen (jjohansen) on 2012-11-08
Changed in linux-lts-quantal (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
importance: Undecided → Low
Marc Deslauriers (mdeslaur) on 2012-11-09
no longer affects: linux-armadaxp (Ubuntu Natty)
no longer affects: linux-ec2 (Ubuntu Natty)
no longer affects: linux-lts-backport-oneiric (Ubuntu Natty)
no longer affects: linux-lts-backport-natty (Ubuntu Natty)
no longer affects: linux-lts-quantal (Ubuntu Natty)
no longer affects: linux-mvl-dove (Ubuntu Natty)
no longer affects: linux-lts-backport-maverick (Ubuntu Natty)
no longer affects: linux (Ubuntu Natty)
no longer affects: linux-fsl-imx51 (Ubuntu Natty)
no longer affects: linux-ti-omap4 (Ubuntu Natty)
Marc Deslauriers (mdeslaur) on 2012-11-09
Changed in linux-lts-quantal (Ubuntu Raring):
status: New → Invalid
importance: Undecided → Low
John Johansen (jjohansen) on 2013-04-09
Changed in linux-armadaxp (Ubuntu Raring):
status: Fix Released → Invalid
John Johansen (jjohansen) on 2013-05-10
no longer affects: linux-armadaxp (Ubuntu Hardy)
no longer affects: linux-armadaxp (Ubuntu Oneiric)
no longer affects: linux-ec2 (Ubuntu Hardy)
no longer affects: linux-ec2 (Ubuntu Oneiric)
no longer affects: linux-lts-backport-oneiric (Ubuntu Hardy)
no longer affects: linux-lts-backport-oneiric (Ubuntu Oneiric)
no longer affects: linux-lts-backport-natty (Ubuntu Hardy)
no longer affects: linux-lts-backport-natty (Ubuntu Oneiric)
no longer affects: linux-lts-quantal (Ubuntu Hardy)
no longer affects: linux-lts-quantal (Ubuntu Oneiric)
no longer affects: linux-mvl-dove (Ubuntu Hardy)
no longer affects: linux-mvl-dove (Ubuntu Oneiric)
no longer affects: linux-lts-backport-maverick (Ubuntu Hardy)
no longer affects: linux-lts-backport-maverick (Ubuntu Oneiric)
no longer affects: linux (Ubuntu Hardy)
no longer affects: linux (Ubuntu Oneiric)
no longer affects: linux-fsl-imx51 (Ubuntu Hardy)
no longer affects: linux-fsl-imx51 (Ubuntu Oneiric)
no longer affects: linux-ti-omap4 (Ubuntu Hardy)
no longer affects: linux-ti-omap4 (Ubuntu Oneiric)
no longer affects: linux-lts-raring (Ubuntu Hardy)
no longer affects: linux-lts-raring (Ubuntu Oneiric)
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Raring):
status: New → Invalid
importance: Undecided → Low
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.
Subscribing...

Other bug subscribers