Description of problem: The XFS_IOC_FSGETXATTR ioctl allows unprivileged users to read 12 bytes of uninitialized stack memory, because the fsxattr struct declared on the stack in xfs_ioc_fsgetxattr() does not alter (or zero) the 12-byte fsx_pad member before copying it back to the user. http://www.linux.sgi.com/archives/xfs-masters/2010-09/msg00002.html Acknowledgements: Red Hat would like to thank Dan Rosenberg for reporting this issue.
Patch: http://groups.google.com/group/linux.kernel/browse_thread/thread/d91e3a963e760a62/6e2a940395ed2911?show_docid=6e2a940395ed2911
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0839 https://rhn.redhat.com/errata/RHSA-2010-0839.html
Statement: This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG as they did not include support for the XFS file system. This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0839.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0007 https://rhn.redhat.com/errata/RHSA-2011-0007.html