Description The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test.
CVSS vector AV:L/AC:M/C:N/I:N/A:C Exploitability: 3.4 | Impact: 6.9 Confidentiality: None
Integrity: None
Affected Packages3 packages Also affects: Enterprise Linux 5, 6.0
🔴 Vulnerability Details10 GHSA GHSA-wpvr-2qhr-52v2: The ext4_orphan_del function in fs/ext4/namei ↗ 2022-05-13 ▶ OSV linux-lts-vivid vulnerabilities ↗ 2016-03-14 ▶ OSV linux-lts-utopic vulnerabilities ↗ 2016-03-14 ▶ OSV linux-lts-utopic vulnerabilities ↗ 2016-02-02 ▶ OSV nbd vulnerabilities ↗ 2015-07-22 ▶ Show 5 more
💥 Exploits & PoCs6 Exploit-DB Microsoft Office / COM Object - DLL Planting with 'comsvcs.dll' Delay Load of 'mqrt.dll' (MS15-132) ↗ 2015-12-14 ▶ Exploit-DB Microsoft Office 2007 - 'OGL.dll' ValidateBitmapInfo Bounds Check Failure (MS15-097) ↗ 2015-09-16 ▶ Exploit-DB Microsoft Windows XP SP3 (x86) / 2003 SP2 (x86) - 'NDProxy' Local Privilege Escalation (MS14-002) ↗ 2015-08-07 ▶ Exploit-DB INFOMARK IMW-C920W MiniUPnPd 1.0 - Denial of Service ↗ 2015-07-07 ▶ Exploit-DB MiniUPnPd 1.0 (MIPS) - Remote Stack Overflow Remote Code Execution for AirTies RT Series ↗ 2015-04-27 ▶ Show 1 more
📋 Vendor Advisories5 Red Hat webkitgtk: use-after-free vulnerability in the handling of input (WSA-2015-0001) ↗ 2015-01-26 ▶ Red Hat webkitgtk: use-after-free in the HTMLFormElement::prepareForSubmission() (WSA-2015-0001) ↗ 2015-01-26 ▶ Red Hat webkitgtk: out-of-bounds read in the SVG implementation (WSA-2015-0001) ↗ 2015-01-26 ▶ Debian CVE-2013-2015: linux - The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3... ↗ 2013 ▶ Red Hat Kernel: ext4: hang when mounting non-journal filesystems with orphan list ↗ 2012-12-27 ▶
💬 Community7 Bugzilla CVE-2013-4312 kernel: File descriptors passed over unix sockets are not properly accounted ↗ 2016-01-12 ▶ Bugzilla CVE-2013-7446 kernel: Unix sockets use after free - peer_wait_queue prematurely freed ↗ 2015-11-17 ▶ Bugzilla CVE-2013-7444 CVE-2015-6737 CVE-2015-6736 CVE-2015-6727 CVE-2015-6733 CVE-2015-6732 CVE-2015-6731 CVE-2015-6730 CVE-2015-6728 CVE-2015-6729 CVE-2015-6735 CVE-2015-6734 mediawiki: multiple security fix ↗ 2015-08-13 ▶ Bugzilla CVE-2015-3427 quassel: SQL injection flaw (incomplete fix for CVE-2013-4422) ↗ 2015-04-28 ▶ Bugzilla CVE-2013-2875 webkitgtk: out-of-bounds read in the SVG implementation (WSA-2015-0001) ↗ 2015-01-27 ▶ Show 2 more