Bug 1004233 - (CVE-2013-4299) CVE-2013-4299 kernel: dm: dm-snapshot data leak
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20131016,repor...
: Security
Depends On: 974481 975353 995067 1004252 1004721 1004723 1004734 1004798 1007949 1007950 1019678 1028210
Blocks: 1004525
Reported: 2013-09-04 05:08 EDT by Petr Matousek
Modified: 2016-10-04 00:19 EDT

Doc Type: Bug Fix


Attachments
Patch proposed for upstream kernels (2.85 KB, patch)
2013-10-16 08:28 EDT, Alasdair Kergon
Description Petr Matousek 2013-09-04 05:08:47 EDT
A flaw was found in the way the Linux kernel's device-mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. Snapshots are constructed from a single "cow" (copy-on-write) device that contains a mixture of data and metadata, and the bug involves a user writing a data block that is later incorrectly interpreted as metadata controlling how blocks are mapped.

An attacker could construct a mapping to read data from disk blocks in 'free space' that is normally inaccessible.

Please note that apart from having security consequences (data leak), this bug is also a data corruptor.

Acknowledgements:

Red Hat would like to thank Fujitsu for reporting this issue.
Comment 15 Alasdair Kergon 2013-10-16 08:28:34 EDT
Created attachment 812893
Patch proposed for upstream kernels
Comment 16 errata-xmlrpc 2013-10-16 13:21:52 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1436 https://rhn.redhat.com/errata/RHSA-2013-1436.html
Comment 18 errata-xmlrpc 2013-10-22 13:04:48 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only

Via RHSA-2013:1450 https://rhn.redhat.com/errata/RHSA-2013-1450.html
Comment 19 errata-xmlrpc 2013-10-22 13:33:48 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1449 https://rhn.redhat.com/errata/RHSA-2013-1449.html
Comment 26 errata-xmlrpc 2013-10-31 12:29:13 EDT
This issue has been addressed in the following products:

  MRG for RHEL-6 v.2

Via RHSA-2013:1490 https://rhn.redhat.com/errata/RHSA-2013-1490.html
Comment 28 errata-xmlrpc 2013-11-13 13:54:23 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only

Via RHSA-2013:1519 https://rhn.redhat.com/errata/RHSA-2013-1519.html
Comment 29 errata-xmlrpc 2013-11-14 12:41:41 EST
This issue has been addressed in the following products:

  OpenStack 3 for RHEL 6

Via RHSA-2013:1520 https://rhn.redhat.com/errata/RHSA-2013-1520.html
Comment 30 errata-xmlrpc 2013-12-05 12:10:41 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only

Via RHSA-2013:1783 https://rhn.redhat.com/errata/RHSA-2013-1783.html
Comment 31 errata-xmlrpc 2013-12-19 16:29:56 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1860 https://rhn.redhat.com/errata/RHSA-2013-1860.html
