Linux kernel built with the Btrfs Filesystem support(CONFIG_BTRFS_FS) is vulnerable to a race condition which leaves the extended attribute(xattr) empty for a short time window. This could be leveraged to bypass set ACLs and potentially escalate user privileges. An unprivileged user could use this flaw to potentially escalate privileges on a system. Upstream fix: ------------- -> https://git.kernel.org/linus/5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339
Statement: This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue. Given the Moderate impact and the fact that BRTFS file system is no longer Technology preview in Red Hat Enterprise Linux 6 this issue is not currently planned to be addressed in future releases of Red Hat Enterprise Linux 6.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1205088]
Acknowledgement: This issue was discovered by Alexandre Oliva of Red Hat Inc.