CVE-2009-0747

Advisory lineage Upstream: 0 Downstream: 2

Downstream

DSA-1749-1 RHSA-2009:1243

Modified

Published: 27 Feb 2009, 17:00

Last modified:07 Aug 2024, 04:48

Vulnerability Summary

Overall Risk (default)

low

20/100

CVSS Score

4.9 MEDIUM

v2.0 (nvd)

EPSS Score

0.1% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

27 Feb 2009, 17:00

Published

Vulnerability first disclosed

07 Aug 2024, 04:48

Last Modified

Vulnerability information updated

Description

The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem.

CVSS Metrics

v2.0•MEDIUM•Score: 4.9AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.10%• Percentile: 27%

Techniques & Countermeasures

CWE-399•Resource Management Errors
Weaknesses in this category are related to improper management of system resources.

Affected Systems

linux•linux_kernel
2.6.27 | 2.6.27:rc1 | 2.6.27:rc2 | 2.6.27:rc3 | 2.6.27:rc4 | 2.6.27:rc5 | 2.6.27:rc6 | 2.6.27:rc7 | 2.6.27:rc8 | 2.6.27:rc9 | 2.6.27.1 | 2.6.27.2 | 2.6.27.3 | 2.6.27.4 | 2.6.27.5 | 2.6.27.6 | 2.6.27.7 | 2.6.27.8 | 2.6.27.9 | 2.6.27.10 | 2.6.27.11 | 2.6.27.12 | 2.6.27.13 | 2.6.27.14 | 2.6.27.15 | 2.6.27.16 | 2.6.27.17 | 2.6.27.18 | 2.6.28 | 2.6.28:rc1 | 2.6.28:rc2 | 2.6.28:rc3 | 2.6.28:rc4 | 2.6.28:rc5 | 2.6.28:rc6 | 2.6.28:rc7 | 2.6.28.1 | 2.6.28.2 | 2.6.28.3 | 2.6.28.4 | 2.6.28.5 | 2.6.28.6