Bug 1004233 (CVE-2013-4299) - CVE-2013-4299 kernel: dm: dm-snapshot data leak
Summary: CVE-2013-4299 kernel: dm: dm-snapshot data leak
Keywords:
Status: NEW
Alias: CVE-2013-4299
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 974481 975353 995067 1004252 1004721 1004723 1004734 1004798 1007949 1007950 1019678 1028210
Blocks: 1004525
TreeView+ depends on / blocked
 
Reported: 2013-09-04 09:08 UTC by Petr Matousek
Modified: 2019-09-29 13:07 UTC (History)
20 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)
Patch proposed for upstream kernels (2.85 KB, patch)
2013-10-16 12:28 UTC, Alasdair Kergon
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:1436 normal SHIPPED_LIVE Moderate: kernel security and bug fix update 2013-10-16 21:13:44 UTC
Red Hat Product Errata RHSA-2013:1449 normal SHIPPED_LIVE Moderate: kernel security and bug fix update 2013-10-22 21:30:54 UTC
Red Hat Product Errata RHSA-2013:1450 normal SHIPPED_LIVE Important: kernel security and bug fix update 2013-10-22 21:02:36 UTC
Red Hat Product Errata RHSA-2013:1490 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2013-10-31 20:23:39 UTC
Red Hat Product Errata RHSA-2013:1519 normal SHIPPED_LIVE Important: kernel security and bug fix update 2013-11-13 23:52:26 UTC
Red Hat Product Errata RHSA-2013:1520 normal SHIPPED_LIVE Moderate: kernel security, bug fix, and enhancement update 2013-11-14 22:40:03 UTC
Red Hat Product Errata RHSA-2013:1783 normal SHIPPED_LIVE Important: kernel security and bug fix update 2013-12-05 22:07:09 UTC
Red Hat Product Errata RHSA-2013:1860 normal SHIPPED_LIVE Moderate: kernel security and bug fix update 2013-12-20 05:02:13 UTC

Description Petr Matousek 2013-09-04 09:08:47 UTC
A flaw was found in the way Linux kernel's device-mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. Snapshots are constructed from a single "cow" (copy-on-write) device that contains a mixture of data and metadata, and the bug involves a user writing a data block that is later incorrectly interpreted as metadata controlling how blocks are mapped.

An attacker could construct a mapping to read data from disk blocks in 'free space' that is normally inaccessible.

Please note that apart from having security consequences (data leak), this bug is also a data corruptor.

Acknowledgements:

Red Hat would like to thank Fujitsu for reporting this issue.

Comment 15 Alasdair Kergon 2013-10-16 12:28:34 UTC
Created attachment 812893 [details]
Patch proposed for upstream kernels

Comment 16 errata-xmlrpc 2013-10-16 17:21:52 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1436 https://rhn.redhat.com/errata/RHSA-2013-1436.html

Comment 18 errata-xmlrpc 2013-10-22 17:04:48 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only

Via RHSA-2013:1450 https://rhn.redhat.com/errata/RHSA-2013-1450.html

Comment 19 errata-xmlrpc 2013-10-22 17:33:48 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1449 https://rhn.redhat.com/errata/RHSA-2013-1449.html

Comment 26 errata-xmlrpc 2013-10-31 16:29:13 UTC
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2013:1490 https://rhn.redhat.com/errata/RHSA-2013-1490.html

Comment 28 errata-xmlrpc 2013-11-13 18:54:23 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only

Via RHSA-2013:1519 https://rhn.redhat.com/errata/RHSA-2013-1519.html

Comment 29 errata-xmlrpc 2013-11-14 17:41:41 UTC
This issue has been addressed in following products:

  OpenStack 3 for RHEL 6

Via RHSA-2013:1520 https://rhn.redhat.com/errata/RHSA-2013-1520.html

Comment 30 errata-xmlrpc 2013-12-05 17:10:41 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only

Via RHSA-2013:1783 https://rhn.redhat.com/errata/RHSA-2013-1783.html

Comment 31 errata-xmlrpc 2013-12-19 21:29:56 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1860 https://rhn.redhat.com/errata/RHSA-2013-1860.html


Note You need to log in before you can comment on or make changes to this bug.