Bug 1291329 - (CVE-2015-8660) CVE-2015-8660 kernel: Permission bypass on overlayfs during copy_up
CVE-2015-8660 kernel: Permission bypass on overlayfs during copy_up
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20151204,repor...
: Security
Depends On: 1291332 1293980 1293981 1306358 1324858 1324859 1350846
Blocks: 1291331
  Show dependency treegraph
 
Reported: 2015-12-14 10:07 EST by Adam Mariš
Modified: 2016-08-23 15:07 EDT (History)
42 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-08-23 15:07:27 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Adam Mariš 2015-12-14 10:07:46 EST
A security issue was fixed in kernel 4.4-rc4 resolving the bypassing of filesystem permission checks in overlayfs during the initial copy_up.

Upstream patch:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545
Comment 2 Adam Mariš 2015-12-14 10:13:29 EST
Acknowledgements:

Name: Nathan Williams
Comment 3 Adam Mariš 2015-12-14 10:17:55 EST
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1291332]
Comment 4 Fedora Update System 2015-12-22 02:20:16 EST
kernel-4.2.8-200.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2015-12-22 17:01:29 EST
kernel-4.2.8-300.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 7 Vladis Dronov 2015-12-23 16:49:11 EST
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.

This issue does not affect the Linux kernel packages as shipped with Red Hat
Enterprise Linux 7 and Red Hat Enterprise MRG 2 as the due updates to fix
this issue have been shipped now.
Comment 8 Huzaifa S. Sidhpurwala 2015-12-28 04:18:14 EST
This issue was assigned CVE-2015-8660 as per:

http://seclists.org/oss-sec/2015/q4/575
Comment 17 errata-xmlrpc 2016-08-02 09:53:38 EDT
This issue has been addressed in the following products:

  MRG for RHEL-6 v.2

Via RHSA-2016:1532 https://rhn.redhat.com/errata/RHSA-2016-1532.html
Comment 18 errata-xmlrpc 2016-08-02 14:26:22 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:1539 https://rhn.redhat.com/errata/RHSA-2016-1539.html
Comment 19 errata-xmlrpc 2016-08-02 14:35:55 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:1541 https://rhn.redhat.com/errata/RHSA-2016-1541.html

Note You need to log in before you can comment on or make changes to this bug.