7.1
CWE: 189, 369

CVE-2012-2100: Divide by Zero

First published: Wed Apr 04 2012

Commit 503358ae01b70ce6909d19dd01287093f6b6271c ("ext4: avoid divide by zero when trying to mount a corrupted file system") fixes CVE-2009-4307 (https://access.redhat.com/security/cve/CVE-2009-4307) by performing a sanity check on s_log_groups_per_flex, since it can be set to a bogus value by an attacker.

More info from Wang Xi:

The first commit (503358ae) fixes the division by zero. The fix is not perfect because:

1) Theoretically, a standard-conforming C compiler could generate code that is still vulnerable to division by zero, but I was not aware of any compilers doing that.
2) Logically, we should have groups_per_flex = 2^s_log_groups_per_flex, and the fix doesn't really ensure that. This is obviously not good, but not sure how bad the consequence would be.

Introduced by: http://git.kernel.org/linus/503358ae01b70ce6909d19dd01287093f6b6271c
Upstream commit: http://git.kernel.org/linus/d50f2ab6f050311dbf7b8f5501b25f0bf64a439b

Credit: secalert@redhat.com
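The two gaps listed in the description can be seen in a small user-space model, added here as an illustration and not taken from the kernel or from either commit. The function names, the 5-bit shift-count masking used to stand in for hardware behaviour, and the sample field values are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical user-space model; names are illustrative, not kernel code. */

/* Check-after-shift. A shift count >= 32 on a 32-bit value is undefined in C,
 * so the hardware result is modelled explicitly: the count is masked to its
 * low 5 bits (assumption). Returns 0 if rejected, else groups_per_flex. */
static unsigned flex_check_after_shift(uint8_t log_groups_per_flex)
{
    unsigned groups_per_flex = 1u << (log_groups_per_flex & 31);
    if (groups_per_flex < 2)
        return 0;               /* rejected */
    return groups_per_flex;     /* accepted, but may not equal 2^log */
}

/* Validate-before-shift: the exponent is range-checked first, so an accepted
 * value always equals 2^log and is never zero. Returns 0 if rejected. */
static unsigned flex_validate_then_shift(uint8_t log_groups_per_flex)
{
    if (log_groups_per_flex < 1 || log_groups_per_flex > 31)
        return 0;
    return 1u << log_groups_per_flex;
}

/* Consumer that divides by groups_per_flex only after validation.
 * Returns -1 when the on-disk field is rejected. */
static long flex_group_of(unsigned group, uint8_t log_groups_per_flex)
{
    unsigned gpf = flex_validate_then_shift(log_groups_per_flex);
    if (gpf == 0)
        return -1;
    return (long)(group / gpf);
}

int main(void)
{
    /* Constructed sample values for the on-disk field. */
    const uint8_t samples[] = { 0, 4, 31, 32, 36, 255 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("log=%3u after-shift=%u validated=%u\n", (unsigned)samples[i],
               flex_check_after_shift(samples[i]),
               flex_validate_then_shift(samples[i]));
    return 0;
}
```

For the sample value 36, the check-after-shift model accepts the field with groups_per_flex = 16, which is inconsistent with 2^36, while the range check rejects it.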

Affected Software | Affected Version | How to fix
debian/linux-2.6  |                  |
Linux Kernel      | <=3.2.1          |
Linux Kernel      | =3.2             |


Frequently Asked Questions

  • What is the severity of CVE-2012-2100?

    CVE-2012-2100 is classified as a high-severity vulnerability that could potentially lead to data loss or system instability.

  • How do I fix CVE-2012-2100?

    To fix CVE-2012-2100, update to a Linux kernel version newer than 3.2.1 or apply security patches provided by your distribution.

  • Which systems are affected by CVE-2012-2100?

    CVE-2012-2100 affects Linux kernel versions up to 3.2.1 and specifically includes the Debian linux-2.6 package.

  • What type of vulnerability is CVE-2012-2100?

    CVE-2012-2100 is a vulnerability that relates to a potential divide by zero error when mounting a corrupted ext4 file system.

  • Is CVE-2012-2100 being actively exploited?

    As of now, there have been no reported active exploitations of CVE-2012-2100, but it is critical to patch the vulnerability to prevent potential attacks.
