CVE-2009-4307

Name of the Vulnerable Software and Affected Versions openSUSE kernel-ps3-debuginfo (affected versions not specified) openSUSE kernel-ps3-debugsource (affected versions not specified) Linux kernel versions prior to 2.6.32-git6

Description The issue affects the Linux kernel and openSUSE operating system, involving multiple vulnerabilities in the kernel-ps3-debuginfo and kernel-ps3-debugsource packages. These vulnerabilities can be exploited remotely, potentially leading to a violation of confidentiality, integrity, and availability of protected information. Specifically, the ext4 fill flex info function in the Linux kernel is vulnerable to a divide-by-zero error and panic when encountering a malformed ext4 filesystem with a large FLEX BG group size, also known as the s log groups per flex value.

Recommendations For openSUSE kernel-ps3-debuginfo and kernel-ps3-debugsource, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Linux kernel versions prior to 2.6.32-git6, update to version 2.6.32-git6 or later to resolve the issue. As a temporary workaround, consider restricting access to the ext4 fill flex info function until a patch is available.