Bug 1286261 (CVE-2015-8374)
Summary: | CVE-2015-8374 kernel: Information leak when truncating of compressed/inlined extents on BTRFS | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aquini, bhu, dhoward, fhrbata, gansalmon, iboverma, itamar, jforbes, jkacur, joelsmith, jonathan, jross, jwboyer, kernel-maint, kernel-mgr, kstutsma, lgoncalv, madhu.chinakonda, matt, mchehab, mcressma, mrg-program-list, nmurray, plougher, rvrbovsk, slawomir, slong, vdronov, williams |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
An information-leak vulnerability was found in the kernel when it truncated a file to a smaller size which consisted of an inline extent that was compressed. The data between the new file size and the old file size was not discarded and the number of bytes used by the inode were not correctly decremented, which gave the wrong report for callers of the stat(2) syscall. This wasted metadata space and allowed for the truncated data to be leaked, and data corruption or loss to occur. A caller of the clone ioctl could exploit this flaw by using only standard file-system operations without root access to read the truncated data.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 02:45:54 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1286262, 1298680, 1298988, 1298989, 1298990, 1298991 | ||
Bug Blocks: | 1286263 |
Description
Adam Mariš
2015-11-27 16:44:27 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1286262] kernel-4.2.7-300.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. kernel-4.2.7-200.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. kernel-4.2.7-300.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. References: Upstream fixes: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8039d87d9e473aeb740d4fdbd59b9d2f89b2ced9 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7 The related 'xfstests' tests: https://git.kernel.org/cgit/fs/xfs/xfstests-dev.git/commit/?id=ddb4e4cfccfa5fc36975c12e9a66a24d3b7829bd https://git.kernel.org/cgit/fs/xfs/xfstests-dev.git/commit/?id=0e6ead559169260d0a2621ec22edcd0e63b84a88 https://git.kernel.org/cgit/fs/xfs/xfstests-dev.git/commit/?id=7ff4bb25cea7a294113f52369951db6ae52f5f9d Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and is not currently planned to be addressed in future updates. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:2574 https://rhn.redhat.com/errata/RHSA-2016-2574.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:2584 https://rhn.redhat.com/errata/RHSA-2016-2584.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:2574 https://rhn.redhat.com/errata/RHSA-2016-2574.html This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:2584 https://rhn.redhat.com/errata/RHSA-2016-2584.html |