{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-02-20T00:00:00", "descriptions": [{"lang": "en", "value": "The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdff73f094e7220602cc3f8959c7230517976412"}, {"name": "ADV-2009-0509", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0509"}, {"name": "37471", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37471"}, {"name": "RHSA-2009:1243", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "DSA-1749", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1749"}, {"name": "oval:org.mitre.oval:def:7765", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7765"}, {"name": "oval:org.mitre.oval:def:10942", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10942"}, {"name": "USN-751-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-751-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.kernel.org/show_bug.cgi?id=12433"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "36562", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36562"}, {"name": "34981", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34981"}, {"name": "34394", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34394"}, {"name": "DSA-1787", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1787"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3316"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0745", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19", "refsource": "CONFIRM", "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fdff73f094e7220602cc3f8959c7230517976412", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fdff73f094e7220602cc3f8959c7230517976412"}, {"name": "ADV-2009-0509", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0509"}, {"name": "37471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37471"}, {"name": "RHSA-2009:1243", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "DSA-1749", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1749"}, {"name": "oval:org.mitre.oval:def:7765", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7765"}, {"name": "oval:org.mitre.oval:def:10942", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10942"}, {"name": "USN-751-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-751-1"}, {"name": "http://bugzilla.kernel.org/show_bug.cgi?id=12433", "refsource": "CONFIRM", "url": "http://bugzilla.kernel.org/show_bug.cgi?id=12433"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "36562", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36562"}, {"name": "34981", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34981"}, {"name": "34394", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34394"}, {"name": "DSA-1787", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1787"}, {"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7", "refsource": "CONFIRM", "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7"}, {"name": "ADV-2009-3316", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3316"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:48:51.610Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdff73f094e7220602cc3f8959c7230517976412"}, {"name": "ADV-2009-0509", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0509"}, {"name": "37471", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37471"}, {"name": "RHSA-2009:1243", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "DSA-1749", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1749"}, {"name": "oval:org.mitre.oval:def:7765", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7765"}, {"name": "oval:org.mitre.oval:def:10942", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10942"}, {"name": "USN-751-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-751-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugzilla.kernel.org/show_bug.cgi?id=12433"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "36562", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36562"}, {"name": "34981", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34981"}, {"name": "34394", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34394"}, {"name": "DSA-1787", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1787"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3316"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0745", "datePublished": "2009-02-27T17:00:00", "dateReserved": "2009-02-27T00:00:00", "dateUpdated": "2024-08-07T04:48:51.610Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27:*:*:*:*:*:*:*", "matchCriteriaId": "856FE78A-29B5-4411-98A0-4B0281C17EB9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.1:*:*:*:*:*:*:*", "matchCriteriaId": "324B5A3E-FA65-4F02-9B8F-872F38CD1808", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.2:*:*:*:*:*:*:*", "matchCriteriaId": "C75A8FC4-58D2-4B6A-9D8E-FF12DF52E249", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.3:*:*:*:*:*:*:*", "matchCriteriaId": "DE21E2AE-9E01-471C-A419-6AB40A49C2F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.4:*:*:*:*:*:*:*", "matchCriteriaId": "ADFC2D46-65D0-426F-9AF8-8C910AE91D49", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.5:*:*:*:*:*:*:*", "matchCriteriaId": "11795F8E-7ACD-4597-9194-FC7241DCE057", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.6:*:*:*:*:*:*:*", "matchCriteriaId": "60F381E1-F3C5-49BE-B094-4D90E7B108F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.7:*:*:*:*:*:*:*", "matchCriteriaId": "D82A6217-CFA6-4E72-8BED-0297E13EABF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.8:*:*:*:*:*:*:*", "matchCriteriaId": "7CEA1AF2-2DE7-4B38-987D-15FFA70F06B8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.9:*:*:*:*:*:*:*", "matchCriteriaId": "7954A701-1671-4080-B1E6-47E0208FD28C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.10:*:*:*:*:*:*:*", "matchCriteriaId": "63D06512-EAF0-48C6-98F0-066E63FF07EC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.11:*:*:*:*:*:*:*", "matchCriteriaId": "7F35DA6B-C6D4-47CC-97E7-9659DCFDD162", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.12:*:*:*:*:*:*:*", "matchCriteriaId": "D75B48F1-623A-4B96-9E08-4AA2DE748490", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.13:*:*:*:*:*:*:*", "matchCriteriaId": "9E6EB7C3-D9AB-43E7-8B78-2C36AE920935", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.14:*:*:*:*:*:*:*", "matchCriteriaId": "7FC87A28-C6A1-4E90-BD9F-A5BE1985DB50", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.15:*:*:*:*:*:*:*", "matchCriteriaId": "0383E2A5-60EE-47F3-9DA8-BF75028D511F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.16:*:*:*:*:*:*:*", "matchCriteriaId": "E8B0C229-2A79-47E0-856A-2AE0FF97B967", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.17:*:*:*:*:*:*:*", "matchCriteriaId": "FB27B247-D6BF-49C4-B113-76C9A47B7DCD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.27.18:*:*:*:*:*:*:*", "matchCriteriaId": "F94BA1B0-52B9-4303-9C41-3ACC3AC1945E", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28:*:*:*:*:*:*:*", "matchCriteriaId": "26BD805F-08EB-42EC-BC54-26A7278E5089", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.1:*:*:*:*:*:*:*", "matchCriteriaId": "217715A5-E69D-45C0-B8E4-5681528C651B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.2:*:*:*:*:*:*:*", "matchCriteriaId": "A87AD66C-4321-4459-8556-3B0BA38C493A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.3:*:*:*:*:*:*:*", "matchCriteriaId": "87A347E0-9C0B-4674-9363-3C36DA27AC45", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.4:*:*:*:*:*:*:*", "matchCriteriaId": "8E0F3DF0-6BD0-4560-9A13-C6493939D8B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.5:*:*:*:*:*:*:*", "matchCriteriaId": "D4BE1DF7-99CB-416B-B6F9-EC40FBD7D1C6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.6:*:*:*:*:*:*:*", "matchCriteriaId": "B93AF773-FBB4-4A4A-ADD5-ADA40C24CD36", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory."}, {"lang": "es", "value": "La funci\u00f3n ext4_group_add en fs/ext4/resize.c en el kernel de Linux v2.6.27 anteriores a v2.6.27.19 y v2.6.28 anteriores a v2.6.28.7 no inicializa de forma adecuada el descriptor de grupo durante una operaci\u00f3n de cambio de tama\u00f1o (tambi\u00e9n conocido como resize2fs), que podr\u00eda permitir a los usuarios locales, provocar una denegaci\u00f3n de servicio (OOPS) organizando valores manipulados, para estar en la memoria disponible."}], "id": "CVE-2009-0745", "lastModified": "2023-11-07T02:03:42.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-02-27T17:30:09.920", "references": [{"source": "cve@mitre.org", "url": "http://bugzilla.kernel.org/show_bug.cgi?id=12433"}, {"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fdff73f094e7220602cc3f8959c7230517976412"}, {"source": "cve@mitre.org", "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19"}, {"source": "cve@mitre.org", "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2009-1243.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/34394"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/34981"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/36562"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/37471"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1749"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1787"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-751-1"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/0509"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10942"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7765"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. \n\nThis issue was addressed in Red Hat Enterprise Linux 5 by\nhttps://rhn.redhat.com/errata/RHSA-2009-1243.html", "lastModified": "2009-09-02T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1243", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-164.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-09-02T00:00:00Z"}], "bugzilla": {"description": "kernel: ext4: ext4_group_add() missing initialisation issue", "id": "487929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487929"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "status": "verified"}, "details": ["The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory."], "name": "CVE-2009-0745", "public_date": "2009-01-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-0745\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-0745"], "statement": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.", "threat_severity": "Low"}