1649017 – (CVE-2018-16862) CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after reuse of old inodes

Bug 1649017 (CVE-2018-16862) - CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after reuse of old inodes

Summary: CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after reuse of o...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2018-16862
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1653122
Blocks:	1649018
TreeView+	depends on / blocked

Reported:	2018-11-12 17:47 UTC by Pedro Sampaio
Modified:	2021-02-16 22:47 UTC (History)
CC List:	44 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.
Clone Of:
Environment:
Last Closed:	2019-06-10 10:42:24 UTC
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2018-11-12 17:47:55 UTC

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and so the old file data instead of the new one.

References:

https://seclists.org/oss-sec/2018/q4/169

A suggested patch:

https://lore.kernel.org/patchwork/patch/1011367/

Comment 3 Vladis Dronov 2018-11-23 15:10:08 UTC

Acknowledgments:

Name: Vasily Averin (Virtuozzo Kernel Team), Pavel Tikhomirov (Virtuozzo Kernel Team)

Comment 4 Vladis Dronov 2018-11-23 15:32:16 UTC

Note:

While RHEL-ALT and RHEL-8 are vulnerable to this flaw, only Xen's [tmem] driver is a possible backend for the CleanCache subsystem. So, a vulnerable configuration is RHEL as a Xen's guest. According to https://access.redhat.com/certified-hypervisors this is not a supported configuration, and so the flaw is not currently planned to be addressed in future updates.

Comment 5 Sam Fowler 2018-11-26 00:05:03 UTC

External Reference:

https://seclists.org/oss-sec/2018/q4/169

Comment 6 Sam Fowler 2018-11-26 00:06:11 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1653122]

Note You need to log in before you can comment on or make changes to this bug.

acaringi
airlied
bhu
blc
brdeoliv
bskeggs
dhoward
dvlasenk
ewk
fhrbata
hdegoede
hkrzesin
hwkernel-mgr
iboverma
ichavero
itamar
jarodwilson
jforbes
jglisse
jkacur
john.j5live
jonathan
josef
jross
jstancek
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
linville
matt
mchehab
mcressma
mjg59
mlangsdo
nmurray
plougher
rt-maint
rvrbovsk
security-response-team
steved
vdronov
williams