fkie_cve-2009-0745
Vulnerability from fkie_nvd
Published
2009-02-27 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.
References
cve@mitre.orghttp://bugzilla.kernel.org/show_bug.cgi?id=12433
cve@mitre.orghttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdff73f094e7220602cc3f8959c7230517976412
cve@mitre.orghttp://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19
cve@mitre.orghttp://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2009-1243.html
cve@mitre.orghttp://secunia.com/advisories/34394
cve@mitre.orghttp://secunia.com/advisories/34981
cve@mitre.orghttp://secunia.com/advisories/36562
cve@mitre.orghttp://secunia.com/advisories/37471
cve@mitre.orghttp://www.debian.org/security/2009/dsa-1749
cve@mitre.orghttp://www.debian.org/security/2009/dsa-1787
cve@mitre.orghttp://www.securityfocus.com/archive/1/507985/100/0/threaded
cve@mitre.orghttp://www.ubuntu.com/usn/usn-751-1
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2009-0016.html
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/0509Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/3316
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10942
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7765
af854a3a-2127-422b-91ae-364da2661108http://bugzilla.kernel.org/show_bug.cgi?id=12433
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdff73f094e7220602cc3f8959c7230517976412
af854a3a-2127-422b-91ae-364da2661108http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19
af854a3a-2127-422b-91ae-364da2661108http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2009-1243.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34394
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34981
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36562
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37471
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1749
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2009/dsa-1787
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/507985/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-751-1
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2009-0016.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0509Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3316
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10942
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7765
Impacted products
Vendor Product Version
linux linux_kernel 2.6.27
linux linux_kernel 2.6.27.1
linux linux_kernel 2.6.27.2
linux linux_kernel 2.6.27.3
linux linux_kernel 2.6.27.4
linux linux_kernel 2.6.27.5
linux linux_kernel 2.6.27.6
linux linux_kernel 2.6.27.7
linux linux_kernel 2.6.27.8
linux linux_kernel 2.6.27.9
linux linux_kernel 2.6.27.10
linux linux_kernel 2.6.27.11
linux linux_kernel 2.6.27.12
linux linux_kernel 2.6.27.13
linux linux_kernel 2.6.27.14
linux linux_kernel 2.6.27.15
linux linux_kernel 2.6.27.16
linux linux_kernel 2.6.27.17
linux linux_kernel 2.6.27.18
linux linux_kernel 2.6.28
linux linux_kernel 2.6.28.1
linux linux_kernel 2.6.28.2
linux linux_kernel 2.6.28.3
linux linux_kernel 2.6.28.4
linux linux_kernel 2.6.28.5
linux linux_kernel 2.6.28.6


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "856FE78A-29B5-4411-98A0-4B0281C17EB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "324B5A3E-FA65-4F02-9B8F-872F38CD1808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C75A8FC4-58D2-4B6A-9D8E-FF12DF52E249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE21E2AE-9E01-471C-A419-6AB40A49C2F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADFC2D46-65D0-426F-9AF8-8C910AE91D49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "11795F8E-7ACD-4597-9194-FC7241DCE057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "60F381E1-F3C5-49BE-B094-4D90E7B108F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D82A6217-CFA6-4E72-8BED-0297E13EABF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEA1AF2-2DE7-4B38-987D-15FFA70F06B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "7954A701-1671-4080-B1E6-47E0208FD28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "63D06512-EAF0-48C6-98F0-066E63FF07EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F35DA6B-C6D4-47CC-97E7-9659DCFDD162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D75B48F1-623A-4B96-9E08-4AA2DE748490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E6EB7C3-D9AB-43E7-8B78-2C36AE920935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FC87A28-C6A1-4E90-BD9F-A5BE1985DB50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "0383E2A5-60EE-47F3-9DA8-BF75028D511F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8B0C229-2A79-47E0-856A-2AE0FF97B967",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB27B247-D6BF-49C4-B113-76C9A47B7DCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "F94BA1B0-52B9-4303-9C41-3ACC3AC1945E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "26BD805F-08EB-42EC-BC54-26A7278E5089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "217715A5-E69D-45C0-B8E4-5681528C651B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87AD66C-4321-4459-8556-3B0BA38C493A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "87A347E0-9C0B-4674-9363-3C36DA27AC45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E0F3DF0-6BD0-4560-9A13-C6493939D8B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4BE1DF7-99CB-416B-B6F9-EC40FBD7D1C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B93AF773-FBB4-4A4A-ADD5-ADA40C24CD36",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n ext4_group_add en fs/ext4/resize.c en el kernel de Linux v2.6.27 anteriores a v2.6.27.19 y v2.6.28  anteriores a v2.6.28.7 no inicializa de forma adecuada el descriptor de grupo durante una operaci\u00f3n de cambio de tama\u00f1o (tambi\u00e9n conocido como resize2fs), que podr\u00eda permitir a los usuarios locales, provocar una denegaci\u00f3n de servicio (OOPS) organizando valores manipulados, para estar en la memoria disponible."
    }
  ],
  "id": "CVE-2009-0745",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-02-27T17:30:09.920",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugzilla.kernel.org/show_bug.cgi?id=12433"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdff73f094e7220602cc3f8959c7230517976412"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34394"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/34981"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36562"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1749"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1787"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-751-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0509"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10942"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.kernel.org/show_bug.cgi?id=12433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdff73f094e7220602cc3f8959c7230517976412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1787"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-751-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10942"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7765"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. \n\nThis issue was addressed in Red Hat Enterprise Linux 5 by\nhttps://rhn.redhat.com/errata/RHSA-2009-1243.html",
      "lastModified": "2009-09-02T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.