Bug 761410 - kernel: loop: prevent information leak after failed read
Summary: kernel: loop: prevent information leak after failed read
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 761415 761416 761417 761418 761419 761420 782687
Blocks: 761394
Reported: 2011-12-08 09:34 UTC by Eugene Teo (Security Response)
Modified: 2021-10-19 21:50 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2021-10-19 21:50:13 UTC
Embargoed:

Description Eugene Teo (Security Response) 2011-12-08 09:34:56 UTC
If the read was not fully successful, we have to fail the whole bio to prevent
an information leak of old pages.

dd if=/dev/zero of=./file bs=1M count=1
losetup /dev/loop0 ./file -o 4096
truncate -s 0 ./file

Oops, the loop offset is now beyond i_size, so the read will silently fail.
So the bio's pages would not be cleared, which may result in an information leak.

hexdump -C /dev/loop0

Upstream commit:
http://git.kernel.org/linus/3bb9068278ea524581237abadd41377a14717e7d (v3.2-rc3)
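
The short-read case described above, as an added userspace model in C. It is not the kernel's loop driver code and not part of the original report; the function names and the 'S' fill pattern standing in for old page contents are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* pread(), ftruncate(), fileno() */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum { REQ_LEN = 4096, LOOP_OFFSET = 4096 };  /* -o 4096 from the report */

/* Lenient: a short read counts as success, so the unread part of the
 * buffer keeps whatever an earlier request left in it. */
static int read_lenient(int fd, off_t off, unsigned char *buf, size_t len)
{
    ssize_t n = pread(fd, buf, len, off);
    return n < 0 ? -errno : 0;
}

/* Strict: anything short of the full length fails the whole request. */
static int read_strict(int fd, off_t off, unsigned char *buf, size_t len)
{
    ssize_t n = pread(fd, buf, len, off);
    return n < 0 ? -errno : ((size_t)n == len ? 0 : -EIO);
}

/* Returns how many stale bytes reach the caller, or -1 on setup failure. */
int stale_bytes_exposed(int strict)
{
    unsigned char page[REQ_LEN];
    FILE *f = tmpfile();
    if (!f) return -1;
    int fd = fileno(f), stale = 0;
    memset(page, 'S', sizeof page);       /* constructed "old page" data */
    /* 1 MiB backing file truncated to 0: LOOP_OFFSET is now past i_size. */
    int ok = ftruncate(fd, 1 << 20) == 0 && ftruncate(fd, 0) == 0;
    int rc = strict ? read_strict(fd, LOOP_OFFSET, page, sizeof page)
                    : read_lenient(fd, LOOP_OFFSET, page, sizeof page);
    fclose(f);
    if (!ok) return -1;
    for (size_t i = 0; rc == 0 && i < sizeof page; i++)
        stale += page[i] == 'S';          /* only a "successful" read is returned */
    return stale;
}

int main(void)
{
    printf("lenient: %d stale bytes, strict: %d\n",
           stale_bytes_exposed(0), stale_bytes_exposed(1));
}
```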

Comment 3 Eugene Teo (Security Response) 2012-01-05 04:21:40 UTC
Not a security issue; fixing this as normal bugs.

Comment 4 Eugene Teo (Security Response) 2012-01-05 04:23:00 UTC
$ ll /dev/loop*
brw-rw----. 1 root disk 7, 0 Dec  7 12:28 /dev/loop0
brw-rw----. 1 root disk 7, 1 Nov 22 18:58 /dev/loop1
brw-rw----. 1 root disk 7, 2 Nov 22 18:58 /dev/loop2
brw-rw----. 1 root disk 7, 3 Nov 22 18:58 /dev/loop3

Comment 5 Eugene Teo (Security Response) 2012-01-18 07:14:27 UTC
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 782687]
