Bug 1874800 (CVE-2020-14385)
| Summary: | CVE-2020-14385 kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Alex <allarkin> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | acaringi, airlied, asavkov, bhu, blc, bmasney, brdeoliv, bskeggs, dgilbert, dhoward, dvlasenk, esammons, esandeen, fcanogab, fhrbata, hdegoede, hkrzesin, iboverma, ichavero, itamar, jarodwilson, jeremy, jforbes, jglisse, jlelli, joe.lawrence, john.j5live, jonathan, josef, jpoimboe, jross, jshepherd, jshortt, jstancek, jthierry, jwboyer, kcarcia, kernel-maint, kernel-mgr, kpatch-maint, lgoncalv, linville, masami256, matt, mchehab, mcressma, mjg59, mlangsdo, nmurray, pmatouse, ptalbert, qzhao, rhandlin, rt-maint, rvrbovsk, sgrubb, steved, williams, ycote |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Linux kernel 5.9-rc4 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in the Linux kernel. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-10-20 14:21:19 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1874811, 1875316, 1875317, 1875319, 1875320, 1881083, 1881084, 1881085, 1881086, 1881087, 1881088, 1881089, 1881090, 1881091, 1881092, 1881093, 1881094, 1881095, 1881096, 1881098, 1881099, 1881100, 1881101, 1881102, 1881104, 1881105, 1881106, 1881338, 1881339, 1881340, 1881410, 1881412, 1881413, 1881414, 1881416 | ||
| Bug Blocks: | 1872883 | ||
|
Description
Alex
2020-09-02 09:35:15 UTC
Acknowledgments: Name: Dr. David Alan Gilbert (redhat.com) Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1874811] This flaw was introduced in kernel 4.16, with commit
1e1bbd8e7ee06 ("xfs: create structure verifier function for shortform xattrs")
For rhel7 still relevant (even kernel 3.10 lower than 4.16), because of this commit: 176cad912b2b fs/xfs/libxfs/xfs_attr_leaf.c (Carlos Maiolino 2019-07-10 09:40:03 -0400 927) if (((char *)sfep + sizeof(*sfep)) >= endp) FEDORA-2020-708b23f2ce has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. (In reply to Eric Christensen from comment #24) > Statement: > > Because only a local user can trigger this flaw, the impact has been reduced > to Moderate. Note that 'local' can include an unpriviliged user in an openshift container. Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4020438fab05364018c91f7e02ebdd192085933 External References: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4020438fab05364018c91f7e02ebdd192085933 Statement: Only local users, including unprivileged users in a cointainer, can trigger this flaw. However, the impact could be high, especially on multi-tenant systems, because after the attack the system rendered inaccessible for some time (at least until reboot), so the impact has been increased to Important. This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:4287 https://access.redhat.com/errata/RHSA-2020:4287 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4286 https://access.redhat.com/errata/RHSA-2020:4286 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4289 https://access.redhat.com/errata/RHSA-2020:4289 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14385 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:4332 https://access.redhat.com/errata/RHSA-2020:4332 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4331 https://access.redhat.com/errata/RHSA-2020:4331 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5050 https://access.redhat.com/errata/RHSA-2020:5050 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:5199 https://access.redhat.com/errata/RHSA-2020:5199 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5437 https://access.redhat.com/errata/RHSA-2020:5437 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:5441 https://access.redhat.com/errata/RHSA-2020:5441 |