Bug 869904 (CVE-2012-4508)
| Summary: | CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Petr Matousek <pmatouse> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | agordeev, anton, bhu, davej, dhoward, fhrbata, gansalmon, iboverma, itamar, jforbes, jkacur, jneedle, jonathan, jrusnack, jwboyer, kernel-maint, kernel-mgr, lgoncalv, lwang, madhu.chinakonda, mcressma, mjc, plougher, rt-maint, sforsber, tingsong.zheng, williams |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-08-24 14:07:02 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 869905, 869906, 869907, 869908, 869909, 869910, 869911, 1022626 | ||
| Bug Blocks: | 870156 | ||
|
Description
Petr Matousek
2012-10-25 06:21:58 UTC
Created attachment 633181 [details] Upstream patches Theodore Ts'o writes: "There are two ways of patching this bug. One is to apply the entire set of AIO/DIO race fixes, which will fix a number of other bugs (some of which can cause the system to deadlock if the right stress tester is run). All but the last two patches in the enclosed tar file are in the ext4.git tree and will shortly be pushed to Linus. The last two will fix stale data exposure bug. A simpler fix is to simply apply the last patch in this patch series. This should work on all older kernels; the downside of applying just the last patch is that there is a slight risk of data loss if the file system is full at the point where we have the AIO/fallocate race, *AND* the leaf node in extent tree is full, requiring a block allocation in order to split an extent so we can mark part of the extent as being uninitialized. This is a very hard-to-hit corner case, so it should be OK to just apply the last patch in this series. Applying the entire patch series will allow us to significantly reduce the chances of this corner case happening. The enclosed tar file has these patches ported to the 3.6 kernel; it should not be hard to make them apply for older kernels as necessary." The last patch is also referenced in comment#0. Created kernel tracking bugs for this issue Affects: fedora-all [bug 869909] This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2012:1491 https://rhn.redhat.com/errata/RHSA-2012-1491.html This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:1540 https://rhn.redhat.com/errata/RHSA-2012-1540.html This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0496 https://rhn.redhat.com/errata/RHSA-2013-0496.html This issue has been addressed in following products: Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only Via RHSA-2013:1519 https://rhn.redhat.com/errata/RHSA-2013-1519.html This issue has been addressed in following products: Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only Via RHSA-2013:1783 https://rhn.redhat.com/errata/RHSA-2013-1783.html |