CVE - CVE-2009-4308

CVE-ID
CVE-2009-4308	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX URL:http://www.securityfocus.com/archive/1/516397/100/0/threaded CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=78f1ddbb498283c2445c11b0dfa666424c301803 CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2011-0003.html DEBIAN:DSA-2005 URL:http://www.debian.org/security/2010/dsa-2005 MANDRIVA:MDVSA-2010:198 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:198~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:11103 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11103 REDHAT:RHSA-2010:0147 URL:http://www.redhat.com/support/errata/RHSA-2010-0147.html SECUNIA:37658 URL:http://secunia.com/advisories/37658 SECUNIA:38017 URL:http://secunia.com/advisories/38017 SECUNIA:38276 URL:http://secunia.com/advisories/38276 SECUNIA:43315 URL:http://secunia.com/advisories/43315 SUSE:SUSE-SA:2010:001 URL:http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html SUSE:SUSE-SA:2010:005 URL:http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html SUSE:SUSE-SA:2010:012 URL:http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
Assigning CNA
MITRE Corporation
Date Record Created
20091212	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091212)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)