Bug 1520893 - (CVE-2017-15121) CVE-2017-15121 kernel: vfs: BUG in truncate_inode_pages_range() and fuse client
CVE-2017-15121 kernel: vfs: BUG in truncate_inode_pages_range() and fuse client
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20171205,repor...
: Security
Depends On: 1387473 1520993 1522823 1522827
Blocks: 1515425
  Show dependency treegraph
 
Reported: 2017-12-05 07:15 EST by Vladis Dronov
Modified: 2018-02-12 05:30 EST (History)
48 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vladis Dronov 2017-12-05 07:15:23 EST
A non-prigileged user is able to mount a fuse filesystem on RHEL6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.
Comment 1 Vladis Dronov 2017-12-05 07:15:45 EST
Acknowledgments:

Name: Miklos Szeredi (Red Hat)
Comment 3 Salvatore Bonaccorso 2017-12-06 00:48:56 EST
Vladis, is this a Red Hat Kernel specific issue?
Comment 5 Vladis Dronov 2017-12-06 09:00:07 EST
hei hai, Salvatore, yes, mostly. it appeared that rhel-6 and -7 are vulnerable, but rhel-alt is not. this means the flaw is reproduced with kernels from, at leat, 2.6.32 to 3.10, but not with 4.11. the upstream fix for this is commit 5a7203947a1d ("mm: teach truncate_inode_pages_range() to handle non page aligned ranges") which is in the upstream since v3.11-rc1.
Comment 7 Vladis Dronov 2017-12-06 09:16:48 EST
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 7 for ARM and Red Hat Enterprise Linux 7 for Power LE.

This issue affects the versions of the Linux kernel as shipped with 6, 7 and Red Hat Enterprise MRG 2. Future updates for the respective releases may address this issue.
Comment 8 Vladis Dronov 2017-12-06 09:17:52 EST
What is Red Hat Enterprise Linux 7 for ARM,
        Red Hat Enterprise Linux 7 for Power LE,
        and the "kernel-alt" package:

The "kernel-alt" package as shipped with Red Hat Enterprise Linux 7 for ARM and Red Hat Enterprise Linux 7 for Power LE is an updated kernel intended to support new architectures not available at the time of Red Hat Enterprise Linux 7 original shipping. The new kernel version provided by the "kernel-alt" packages is based on upstream Linux kernel version 4.11. The offering is distributed with other updated packages, but most of the userspace is the standard Red Hat Enterprise Linux 7 Server RPM files.

For more information please refer to:

https://access.redhat.com/articles/3158541
https://access.redhat.com/articles/3158511

Note You need to log in before you can comment on or make changes to this bug.