PT-2009-6767 · Opensuse+2

Published 1970-01-01 · Updated 2018-10-10 · CVE-2009-4308

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

openSUSE kernel-ps3-debuginfo versions (affected versions not specified)
openSUSE kernel-ps3-debugsource versions (affected versions not specified)
Linux kernel versions prior to 2.6.32

Description

The issue affects the confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. In the Linux kernel, the ext4_decode_error function in fs/ext4/super.c allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference) via a crafted read-only filesystem that lacks a journal.

Recommendations

For openSUSE kernel-ps3-debuginfo, there is currently no information about a newer version that contains a fix for this vulnerability.

For openSUSE kernel-ps3-debugsource, there is currently no information about a newer version that contains a fix for this vulnerability.

For Linux kernel versions prior to 2.6.32, update to version 2.6.32 or later to resolve the issue.

As a temporary workaround, consider restricting access to crafted read-only filesystems that lack a journal to minimize the risk of exploitation.

DoS


Weakness Enumeration

Related Identifiers

BDU:2015-05250
BDU:2015-05251
CVE-2009-4308
DSA-2005-1
RHSA-2010:0147
RHSA-2010_0147

Affected Products

Linux Kernel
Red Hat
Opensuse