A vulnerability was found in the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form. References: https://bugzilla.kernel.org/show_bug.cgi?id=199119 Upstream Patch: https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c
Red Hat Enterprise Linux 7 is currently not affected by this flaw, but it did affect it earlier. This issue was unintentionally fixed in the release of kernel-3.10.0-912.el7, it will be fixed in all 3.10.0-912 versions and newer.
(In reply to Wade Mealing from comment #5) > Red Hat Enterprise Linux 7 is currently not affected by this flaw, but it > did affect it earlier. > > This issue was unintentionally fixed in the release of > kernel-3.10.0-912.el7, it will be fixed in all 3.10.0-912 versions and newer. I think there's 'unintentionally fix' bug :) please check bug 1590625. Thanks, Zorro
(In reply to Zorro Lang from comment #6) > (In reply to Wade Mealing from comment #5) > > Red Hat Enterprise Linux 7 is currently not affected by this flaw, but it > > did affect it earlier. > > > > This issue was unintentionally fixed in the release of > > kernel-3.10.0-912.el7, it will be fixed in all 3.10.0-912 versions and newer. > > I think there's 'unintentionally fix' bug :) please check bug 1590625. ^ don't > > Thanks, > Zorro
@Zorro, Maybe.. but to me it looked to be fixed as a side-affect at the time. Done is done.