Ubuntu

CVE-2012-2100

Reported by Andy Whitcroft on 2012-04-18
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-armadaxp (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-ec2 (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-fsl-imx51 (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-lts-backport-maverick (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-lts-backport-natty (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-lts-backport-oneiric (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-lts-quantal (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-lts-raring (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-mvl-dove (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned
linux-ti-omap4 (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned
Precise
Low
Unassigned
Quantal
Low
Unassigned
Raring
Low
Unassigned
Saucy
Low
Unassigned

Bug Description

The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.

Break-Fix: 503358ae01b70ce6909d19dd01287093f6b6271c d50f2ab6f050311dbf7b8f5501b25f0bf64a439b

Andy Whitcroft (apw) wrote :

CVE-2012-2100

tags: added: kernel-cve-tracking-bug
security vulnerability: no → yes
security vulnerability: no → yes
Changed in linux (Ubuntu Natty):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Stefan Bader (smb) on 2012-04-20
Changed in linux (Ubuntu Natty):
status: In Progress → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Natty):
status: New → Fix Committed
Changed in linux-ec2 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-ec2 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ec2 (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux-lts-backport-natty (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-natty (Ubuntu Natty):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Precise):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Hardy):
status: New → Invalid
Changed in linux-mvl-dove (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Precise):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
status: New → Invalid
Changed in linux-lts-backport-maverick (Ubuntu Natty):
status: New → Invalid
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Lucid):
status: New → Fix Committed
Changed in linux (Ubuntu Precise):
status: New → Invalid
Changed in linux (Ubuntu Hardy):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux-ti-omap4 (Ubuntu Lucid):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Precise):
status: New → Invalid
Changed in linux-ti-omap4 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Precise):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Hardy):
status: New → Invalid
Changed in linux-fsl-imx51 (Ubuntu Natty):
status: New → Invalid
description: updated
Changed in linux-ec2 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-oneiric (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-natty (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-mvl-dove (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-lts-backport-maverick (Ubuntu Natty):
importance: Undecided → Low
Changed in linux (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux (Ubuntu Precise):
importance: Undecided → Low
Changed in linux (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-ti-omap4 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Oneiric):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Lucid):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Hardy):
importance: Undecided → Low
Changed in linux-fsl-imx51 (Ubuntu Natty):
importance: Undecided → Low
Changed in linux-ec2 (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-ti-omap4 (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Changed in linux-armadaxp (Ubuntu Precise):
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Natty):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Precise):
status: New → Fix Committed
Changed in linux-armadaxp (Ubuntu Quantal):
status: New → Fix Committed
importance: Undecided → Low
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.38-15.59

---------------
linux (2.6.38-15.59) natty-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #987281

  [ Brad Figg ]

  * SAUCE (no-up) Provide a param for allowing the BIOS to handle changing
    the brightness on AC/battery status changes.
    - LP: #949311

  [ Tim Gardner ]

  * SAUCE: ubuntu drivers: use UMH_WAIT_PROC consistently
    - LP: #963685
  * SAUCE: disable_nx should not be in __cpuinitdata section for X86_32
    - LP: #968233
  * SAUCE: (no-up) remove __initdata from vesafb_fix
    - LP: #969309

  [ Upstream Kernel Changes ]

  * usermodehelper: use UMH_WAIT_PROC consistently
    - LP: #963685
  * usermodehelper: introduce umh_complete(sub_info)
    - LP: #963685
  * usermodehelper: implement UMH_KILLABLE
    - LP: #963685
  * usermodehelper: kill umh_wait, renumber UMH_* constants
    - LP: #963685
  * usermodehelper: ____call_usermodehelper() doesn't need do_exit()
    - LP: #963685
  * kmod: introduce call_modprobe() helper
    - LP: #963685
  * kmod: make __request_module() killable
    - LP: #963685
  * drm/i915: Fixes distorted external screen image on HP 2730p
    - LP: #796030
  * ext4: fix undefined behavior in ext4_fill_flex_info()
    - LP: #984757
    - CVE-2012-2100
  * jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer
    - LP: #929781
    - CVE-2011-4086
  * cifs: fix dentry refcount leak when opening a FIFO on lookup
    - LP: #947997
    - CVE-2012-1090
 -- Luis Henriques <email address hidden> Mon, 23 Apr 2012 14:02:53 +0100

Changed in linux (Ubuntu Natty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-lts-backport-natty - 2.6.38-15.59~lucid1

---------------
linux-lts-backport-natty (2.6.38-15.59~lucid1) lucid-proposed; urgency=low

  [Luis Henriques]

  * Release Tracking Bug
    - LP: #990208

  [ Brad Figg ]

  * SAUCE (no-up) Provide a param for allowing the BIOS to handle changing
    the brightness on AC/battery status changes.
    - LP: #949311

  [ Tim Gardner ]

  * SAUCE: ubuntu drivers: use UMH_WAIT_PROC consistently
    - LP: #963685
  * SAUCE: disable_nx should not be in __cpuinitdata section for X86_32
    - LP: #968233
  * SAUCE: (no-up) remove __initdata from vesafb_fix
    - LP: #969309

  [ Upstream Kernel Changes ]

  * usermodehelper: use UMH_WAIT_PROC consistently
    - LP: #963685
  * usermodehelper: introduce umh_complete(sub_info)
    - LP: #963685
  * usermodehelper: implement UMH_KILLABLE
    - LP: #963685
  * usermodehelper: kill umh_wait, renumber UMH_* constants
    - LP: #963685
  * usermodehelper: ____call_usermodehelper() doesn't need do_exit()
    - LP: #963685
  * kmod: introduce call_modprobe() helper
    - LP: #963685
  * kmod: make __request_module() killable
    - LP: #963685
  * drm/i915: Fixes distorted external screen image on HP 2730p
    - LP: #796030
  * ext4: fix undefined behavior in ext4_fill_flex_info()
    - LP: #984757
    - CVE-2012-2100
  * jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer
    - LP: #929781
    - CVE-2011-4086
  * cifs: fix dentry refcount leak when opening a FIFO on lookup
    - LP: #947997
    - CVE-2012-1090
 -- Luis Henriques <email address hidden> Mon, 30 Apr 2012 09:52:55 +0100

Changed in linux-lts-backport-natty (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-ti-omap4 - 2.6.38-1209.24

---------------
linux-ti-omap4 (2.6.38-1209.24) natty-proposed; urgency=low

  * Release Tracking Bug
    - LP: #990206

  [ Upstream Kernel Changes ]

  * ext4: fix undefined behavior in ext4_fill_flex_info()
    - LP: #984757
    - CVE-2012-2100
  * jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer
    - LP: #929781
    - CVE-2011-4086
  * cifs: fix dentry refcount leak when opening a FIFO on lookup
    - LP: #947997
    - CVE-2012-1090
 -- Paolo Pisati <email address hidden> Fri, 30 Apr 2012 10:12:35 +0200

Changed in linux-ti-omap4 (Ubuntu Natty):
status: Fix Committed → Fix Released
description: updated
Ike Panhc (ikepanhc) wrote :

Patch 503358ae01b70ce6909d19dd01287093f6b6271c d50f2ab6f050311dbf7b8f5501b25f0bf64a439b already in upstream 3.5

Changed in linux-armadaxp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Ike Panhc (ikepanhc) wrote :

03358ae01b70ce6909d19dd01287093f6b6271c ext4: avoid divide by zero when trying to mount a corrupted file system in upstream 2.6.32-rc8
e2860111eaf589699ff399191dd13b5d3409ef2b ext4: fix undefined behavior in ext4_fill_flex_info() is in linux-armadaxp through 3.2.2 and Ubuntu-3.2.0-12.20

Changed in linux-armadaxp (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in linux-lts-backport-oneiric (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in linux-lts-quantal (Ubuntu Natty):
status: New → Invalid
Changed in linux-lts-quantal (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Oneiric):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Hardy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-quantal (Ubuntu Quantal):
status: New → Invalid
importance: Undecided → Low
no longer affects: linux-armadaxp (Ubuntu Natty)
no longer affects: linux-ec2 (Ubuntu Natty)
no longer affects: linux-lts-backport-oneiric (Ubuntu Natty)
no longer affects: linux-lts-backport-natty (Ubuntu Natty)
no longer affects: linux-lts-quantal (Ubuntu Natty)
no longer affects: linux-mvl-dove (Ubuntu Natty)
no longer affects: linux-lts-backport-maverick (Ubuntu Natty)
no longer affects: linux (Ubuntu Natty)
no longer affects: linux-fsl-imx51 (Ubuntu Natty)
no longer affects: linux-ti-omap4 (Ubuntu Natty)
Changed in linux-lts-quantal (Ubuntu Raring):
status: New → Invalid
importance: Undecided → Low
Changed in linux-armadaxp (Ubuntu Raring):
status: Fix Released → Invalid
no longer affects: linux-armadaxp (Ubuntu Hardy)
no longer affects: linux-armadaxp (Ubuntu Oneiric)
no longer affects: linux-ec2 (Ubuntu Hardy)
no longer affects: linux-ec2 (Ubuntu Oneiric)
no longer affects: linux-lts-backport-oneiric (Ubuntu Hardy)
no longer affects: linux-lts-backport-oneiric (Ubuntu Oneiric)
no longer affects: linux-lts-backport-natty (Ubuntu Hardy)
no longer affects: linux-lts-backport-natty (Ubuntu Oneiric)
no longer affects: linux-lts-quantal (Ubuntu Hardy)
no longer affects: linux-lts-quantal (Ubuntu Oneiric)
no longer affects: linux-mvl-dove (Ubuntu Hardy)
no longer affects: linux-mvl-dove (Ubuntu Oneiric)
no longer affects: linux-lts-backport-maverick (Ubuntu Hardy)
no longer affects: linux-lts-backport-maverick (Ubuntu Oneiric)
no longer affects: linux (Ubuntu Hardy)
no longer affects: linux (Ubuntu Oneiric)
no longer affects: linux-fsl-imx51 (Ubuntu Hardy)
no longer affects: linux-fsl-imx51 (Ubuntu Oneiric)
no longer affects: linux-ti-omap4 (Ubuntu Hardy)
no longer affects: linux-ti-omap4 (Ubuntu Oneiric)
no longer affects: linux-lts-raring (Ubuntu Hardy)
no longer affects: linux-lts-raring (Ubuntu Oneiric)
Changed in linux-lts-raring (Ubuntu Precise):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Lucid):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
importance: Undecided → Low
Changed in linux-lts-raring (Ubuntu Raring):
status: New → Invalid
importance: Undecided → Low
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers