Bug 1450261 – CVE-2017-7495 kernel: ext4: power failure during write(2) causes on-disk information leak

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1450261 - (CVE-2017-7495) CVE-2017-7495 kernel: ext4: power failure during write(2) causes on-disk information leak

Summary:	CVE-2017-7495 kernel: ext4: power failure during write(2) causes on-disk info...

Status:	CLOSED ERRATA

Aliases:	CVE-2017-7495

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20170512,repor...
Keywords:	Security

Depends On:	1454551 1454552 1454553 1461806 1461807
Blocks:	1325973
	Show dependency tree / graph

Reported:	2017-05-11 23:17 EDT by Wade Mealing
Modified:	2018-03-23 11:12 EDT (History)
CC List:	23 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in the Linux kernel where filesystems mounted with data=ordered mode may allow an attacker to read stale data from recently allocated blocks in new files after a system 'reset' by abusing ext4 mechanics of delayed allocation.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2018-03-23 11:12:46 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Wade Mealing 2017-05-11 23:17:41 EDT

A flaw was found in the kernels implementation of ext4 for filesystems mounted with data=ordered mode. Stale data from recently allocated blocks may appear in newly created blocks in files when a system is 'power reset'.  This may allow an attacker to gain information about file contents being written to disk when the system was being reset.  This issue only affects regular write()'s and not when an application is using direct IO.

In testing, the amount of stale-data leakage is at maximum the amount of outstanding delayed journal transactions to the underlying device since the last commit (defaulting to 5 seconds, but tunable/exasperated with commit=nrsec mount option).

Comment 2 Wade Mealing 2017-05-11 23:18:21 EDT

Mitigation:

Alternative filesystems may be used in place of ext4 in case of sensitive data leak. Alternatively, don't hard reset the system.

Comment 3 Wade Mealing 2017-05-22 23:28:27 EDT

Acknowledgments:

Name: Takeshi Nishimura (NEC)

Comment 5 Wade Mealing 2017-05-22 23:49:51 EDT

Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2.  Future Linux kernel updates for the respective releases may address this issue.
fs

Comment 6 Wade Mealing 2017-05-22 23:56:25 EDT

External References:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824

http://seclists.org/oss-sec/2017/q2/259

Note You need to log in before you can comment on or make changes to this bug.

aquini
bhu
dhoward
dominik.mierzejewski
esammons
fhrbata
iboverma
jross
kernel-mgr
lczerner
lwang
matt
mcressma
mguzik
nmurray
pholasek
plougher
pmatouse
rvrbovsk
slawomir
vdronov
williams
wmealing