CVE-2021-3428
MEDIUMLinux Kernel < 5.9.0 - Denial of Service via Integer Overflow in ext4 Extent Cache
Title source: llmDescription
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a system crash problem which can lead to an availability threat.
References (3)
Core 3
Core References
Issue Tracking, Permissions Required, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1972621
Third Party Advisory x_refsource_misc
https://ubuntu.com/security/CVE-2021-3428
Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/03/17/1
Scores
CVSS v3
5.5
EPSS
0.0029
EPSS Percentile
20.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-190
Status
published
Products (1)
linux/linux_kernel
< 5.9.0
Published
Mar 04, 2022
Tracked Since
Feb 18, 2026