QwikSec

Security Database

CVE

CWE

Training

CVE-2015-8324

Published: May 2, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_REDHAT

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1267261

x_refsource_CONFIRM

http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.34

x_refsource_CONFIRM

https://github.com/torvalds/linux/commit/744692dc059845b2a3022119871846e74d4f6e11

x_refsource_CONFIRM

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=744692dc059845b2a3022119871846e74d4f6e11

x_refsource_CONFIRM

[oss-security] 20151123 CVE request -- linux kernel: Null pointer dereference when mounting ext4 filesystem

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.