Bug 1520893 (CVE-2017-15121) - CVE-2017-15121 kernel: vfs: BUG in truncate_inode_pages_range() and fuse client
Summary: CVE-2017-15121 kernel: vfs: BUG in truncate_inode_pages_range() and fuse client
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2017-15121
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1387473 1520993 1522823 1522827 1546079 1695793 1695794
Blocks: 1515425
Reported: 2017-12-05 12:15 UTC by Vladis Dronov
Modified: 2021-02-17 01:10 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.
Clone Of:
Environment:
Last Closed: 2019-06-08 03:32:43 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0676 0 None None None 2018-04-10 08:13:15 UTC
Red Hat Product Errata RHSA-2018:1062 0 None None None 2018-04-10 09:36:52 UTC
Red Hat Product Errata RHSA-2018:1854 0 None None None 2018-06-19 04:48:10 UTC

Description Vladis Dronov 2017-12-05 12:15:23 UTC
A non-privileged user is able to mount a fuse filesystem on RHEL6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.

Comment 1 Vladis Dronov 2017-12-05 12:15:45 UTC
Acknowledgments:

Name: Miklos Szeredi (Red Hat)

Comment 3 Salvatore Bonaccorso 2017-12-06 05:48:56 UTC
Vladis, is this a Red Hat Kernel specific issue?

Comment 5 Vladis Dronov 2017-12-06 14:00:07 UTC
hei hai, Salvatore, yes, mostly. it appeared that rhel-6 and -7 are vulnerable, but rhel-alt is not. this means the flaw is reproduced with kernels from, at least, 2.6.32 to 3.10, but not with 4.11. the upstream fix for this is commit 5a7203947a1d ("mm: teach truncate_inode_pages_range() to handle non page aligned ranges") which is in the upstream since v3.11-rc1.

Comment 7 Vladis Dronov 2017-12-06 14:16:48 UTC
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 7 for ARM and Red Hat Enterprise Linux 7 for Power LE.

This issue affects the versions of the Linux kernel as shipped with 6, 7 and Red Hat Enterprise MRG 2. Future updates for the respective releases may address this issue.

Comment 8 Vladis Dronov 2017-12-06 14:17:52 UTC
What is Red Hat Enterprise Linux 7 for ARM, Red Hat Enterprise Linux 7 for Power LE, and the "kernel-alt" package:

The "kernel-alt" package as shipped with Red Hat Enterprise Linux 7 for ARM and Red Hat Enterprise Linux 7 for Power LE is an updated kernel intended to support new architectures not available at the time of Red Hat Enterprise Linux 7 original shipping. The new kernel version provided by the "kernel-alt" packages is based on upstream Linux kernel version 4.11. The offering is distributed with other updated packages, but most of the userspace is the standard Red Hat Enterprise Linux 7 Server RPM files.

For more information please refer to:

https://access.redhat.com/articles/3158541
https://access.redhat.com/articles/3158511

Comment 10 errata-xmlrpc 2018-04-10 08:12:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0676 https://access.redhat.com/errata/RHSA-2018:0676

Comment 11 errata-xmlrpc 2018-04-10 09:36:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:1062 https://access.redhat.com/errata/RHSA-2018:1062

Comment 12 errata-xmlrpc 2018-06-19 04:47:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:1854 https://access.redhat.com/errata/RHSA-2018:1854

