CVE-2013-2015
4.7
Vector
AV:L/AC:M/Au:N/C:N/I:N/A:C
Exploitability: 3.4 / Impact: 6.9
Source: NVD
Description
The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test.
Affected (208)
Products: Linux: Linux Kernel · Redhat: Enterprise Linux, Enterprise Mrg
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 3.7.2 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 5 | |
| Version 2.0 |
Related CWEs
References (12)
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.