Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c
in the Linux kernel before 2.6.34 allows local users to cause a denial of
service (BUG and system crash) via a write operation on the last block of a
large file, followed by a sync operation.
Toshiyuki Okajima discovered that ext4 did not correctly check certain
parameters. A local attacker could exploit this to crash the system or
overwrite the last block of large files.
Updated: 2016-01-26 17:36:54 UTC (commit 10507)