---

CVE-2021-3428 - log back

CVE-2021-3428 edited at 17 Mar 2021 12:38:20
Description	- The Linux kernel's ext4 file system implementation contains an integer overflow that can be triggered by mounting a crafted file system. The problem occurs in ext4_es_cache_extent(), when lblk + len exceeds 2^32. + A security issue was found in the Linux kernel before version 5.9. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, a local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat.
References	+ https://www.openwall.com/lists/oss-security/2021/03/17/1 + https://www.openwall.com/lists/oss-security/2021/03/17/2 https://bugzilla.redhat.com/show_bug.cgi?id=1936786 + https://bugzilla.suse.com/show_bug.cgi?id=1173485 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d176b1f62f242ab259ff665a26fbac69db1aecba + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bf9a379d0980e7413d94cb18dac73db2bfc5f470 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce9f24cccdc019229b70a5c15e2b09ad9c0ab5d1

CVE-2021-3428 edited at 16 Mar 2021 10:49:39
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Denial of service
Description	+ The Linux kernel's ext4 file system implementation contains an integer overflow that can be triggered by mounting a crafted file system. The problem occurs in ext4_es_cache_extent(), when lblk + len exceeds 2^32.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1936786
Notes

CVE-2021-3428 created at 16 Mar 2021 10:48:45