Bug 1450261 (CVE-2017-7495)

Summary: CVE-2017-7495 kernel: ext4: power failure during write(2) causes on-disk information leak
Product: [Other] Security Response
Reporter: Wade Mealing <wmealing>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: aquini, bhu, dhoward, dominik.mierzejewski, esammons, fhrbata, iboverma, jross, kernel-mgr, lczerner, lwang, matt, mcressma, mguzik, nmurray, pholasek, plougher, pmatouse, rvrbovsk, slawomir, vdronov, williams, wmealing
Keywords: Security
Hardware: All
OS: Linux
Doc Text:
A vulnerability was found in the Linux kernel where filesystems mounted with data=ordered mode may allow an attacker to read stale data from recently allocated blocks in new files after a system 'reset' by abusing ext4 mechanics of delayed allocation.
Last Closed: 2018-03-23 15:12:46 UTC
Bug Depends On: 1454551, 1454552, 1454553, 1461806, 1461807    
Bug Blocks: 1325973    

Description Wade Mealing 2017-05-12 03:17:41 UTC
A flaw was found in the kernel's implementation of ext4 for filesystems mounted with data=ordered mode. Stale data from recently allocated blocks may appear in newly created blocks in files when a system is 'power reset'. This may allow an attacker to gain information about file contents being written to disk when the system was being reset. This issue only affects regular write()'s and not when an application is using direct IO.

In testing, the amount of stale-data leakage is at maximum the amount of outstanding delayed journal transactions to the underlying device since the last commit (defaulting to 5 seconds, but tunable/exacerbated with commit=nrsec mount option).
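
An added example, not part of the original bug report or any Red Hat tooling: a Python check that reads mount entries in /proc/mounts format and flags ext4 mounts in the data=ordered mode this bug names, together with any commit= interval above the 5-second default. The sample lines are constructed, and treating a missing data= option as ext4's default of data=ordered is an assumption of this example.

```python
DEFAULT_COMMIT_SECS = 5  # default commit interval stated in the bug description

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,data=ordered 0 0
/dev/sdb1 /srv/db ext4 rw,noatime,commit=60,data=ordered 0 0
/dev/sdc1 /var/log ext4 rw,relatime,data=journal 0 0
/dev/sdd1 /home ext4 rw,relatime 0 0
/dev/sde1 /data xfs rw,relatime 0 0
"""

def parse_options(field):
    """Split a comma-separated mount option field into a dict."""
    opts = {}
    for item in field.split(","):
        key, _, value = item.partition("=")
        opts[key] = value
    return opts

def audit_ext4(mounts_text):
    """Return one finding per ext4 mount: data mode, commit interval, scope."""
    findings = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[2] != "ext4":
            continue  # skip malformed lines and other filesystems
        opts = parse_options(parts[3])
        # Assumption: no data= option shown means ext4's default, data=ordered.
        data_mode = opts.get("data") or "ordered"
        try:
            # commit=0 is treated by ext4 as "use the default interval".
            commit = int(opts.get("commit") or 0) or DEFAULT_COMMIT_SECS
        except ValueError:
            commit = DEFAULT_COMMIT_SECS
        ordered = data_mode == "ordered"
        findings.append({
            "mountpoint": parts[1],
            "data_mode": data_mode,
            "commit_secs": commit,
            "in_scope": ordered,  # mode named in this bug
            "longer_window": ordered and commit > DEFAULT_COMMIT_SECS,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_ext4(SAMPLE_MOUNTS):
        print(finding)
```

On a live host, pass the contents of /proc/mounts to audit_ext4() in place of the sample text.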

Comment 2 Wade Mealing 2017-05-12 03:18:21 UTC
Mitigation:

Alternative filesystems may be used in place of ext4 in case of sensitive data leak. Alternatively, don't hard reset the system.

Comment 3 Wade Mealing 2017-05-23 03:28:27 UTC
Acknowledgments:

Name: Takeshi Nishimura (NEC)

Comment 5 Wade Mealing 2017-05-23 03:49:51 UTC
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2.  Future Linux kernel updates for the respective releases may address this issue.