Bug 679303

Summary: kernel: world-writable debugfs perms bugs
Product: [Other] Security Response Reporter: Eugene Teo (Security Response) <eteo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: arozansk, bhu, dhoward, jkacur, kernel-mgr, kmcmartin, lgoncalv, lwang, rkhan, rt-maint, segoon, tcallawa, vkrizan, williams
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: public=20110204,reported=20110222,source=lkml,impact=important,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,rhel-5/kernel=affected,rhel-6/kernel=affected,mrg-1.3/realtime-kernel=affected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-29 13:53:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 679304, 679305, 679306, 679307, 679308    
Bug Blocks:    

Description Eugene Teo (Security Response) 2011-02-22 07:55:33 UTC
1) [PATCH 07/20] video: sn9c102: world-wirtable sysfs files
https://lkml.org/lkml/2011/2/4/85
Doesn't affect: rhel-4
Affects: rhel-5/6/mrg-1

2) [PATCH 08/20] mfd: ab3100: world-writable debugfs *_priv files
https://lkml.org/lkml/2011/2/4/82
Doesn't affect: rhel-4/5/mrg-1
Affects: rhel-6

3) [PATCH 14/20] platform: x86: acer-wmi: world-writable sysfs threeg file
https://lkml.org/lkml/2011/2/4/79
Doesn't affect: rhel-4/5
Affects: rhel-6/mrg-1

http://git.kernel.org/linus/b80b168f918bba4b847e884492415546b340e19d

4) [PATCH 15/20] platform: x86: asus_acpi: world-writable procfs files
https://lkml.org/lkml/2011/2/4/73
Doesn't affect: rhel-4/5/6
Affects: mrg-1

http://git.kernel.org/linus/8040835760adf0ef66876c063d47f79f015fb55d

5) [PATCH 16/20] platform: x86: tc1100-wmi: world-writable sysfs wireless and jogdial files
https://lkml.org/lkml/2011/2/4/78
Doesn't affect: rhel-4/5
Affects: rhel-6/mrg-1

http://git.kernel.org/linus/8a6a142c1286797978e4db266d22875a5f424897

6) [PATCH 18/20] scsi: aic94xx: world-writable sysfs update_bios file
https://lkml.org/lkml/2011/2/4/75
Doesn't affect: rhel-4/5
Affects: rhel-6/mrg-1

Comment 3 Eugene Teo (Security Response) 2011-02-22 08:02:49 UTC
Some of these patches are not committed in the upstream kernel yet, so expect changes, if any.