CVE-2021-3428: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability (CVE-2021-3428) was discovered in the Linux kernel's ext4 file system implementation, specifically in the fs/ext4/extents.c file within the ext4escache_extent function. The vulnerability was identified by Wolfgang Frisch and involves an integer overflow condition when handling metadata inode extents (Ubuntu Security).

The vulnerability is characterized by an integer overflow condition that occurs when processing a corrupted extent tree in a crafted ext4 filesystem. The issue affects Linux kernel versions up to (excluding) 5.9.0. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access requirements and potential high impact on system availability (NVD).

When exploited, this vulnerability can lead to a denial of service condition, specifically causing a system crash. The impact is limited to system availability, with no direct effect on confidentiality or integrity (Openwall).

The vulnerability has been fixed in Linux kernel version 5.9.0 and has been backported to various stable kernel releases. Ubuntu has released fixes for multiple versions: 5.4.0-90.101 for focal, 4.15.0-144.148 for bionic, and 4.4.0-239.273 for xenial. Users are advised to update their systems to the patched versions (Ubuntu Security).

Greg KH, a prominent Linux kernel maintainer, noted that the vulnerability was initially reported in July 2020 and fixed in the 5.9 kernel release, with backports to all relevant stable kernel releases completed in August of the same year (Openwall).