A flaw was found in the way Linux kernel's device-mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. Snapshots are constructed from a single "cow" (copy-on-write) device that contains a mixture of data and metadata, and the bug involves a user writing a data block that is later incorrectly interpreted as metadata controlling how blocks are mapped. An attacker could construct a mapping to read data from disk blocks in 'free space' that is normally inaccessible. Please note that apart from having security consequences (data leak), this bug is also a data corruptor. Acknowledgements: Red Hat would like to thank Fujitsu for reporting this issue.
Created attachment 812893 [details] Patch proposed for upstream kernels
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1436 https://rhn.redhat.com/errata/RHSA-2013-1436.html
Links to upstream merge: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9c6a182649f4259db704ae15a91ac820e63b0ca https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8359ffa56595b5b56ea690810cace53e13618269
This issue has been addressed in following products: Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only Via RHSA-2013:1450 https://rhn.redhat.com/errata/RHSA-2013-1450.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:1449 https://rhn.redhat.com/errata/RHSA-2013-1449.html
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2013:1490 https://rhn.redhat.com/errata/RHSA-2013-1490.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only Via RHSA-2013:1519 https://rhn.redhat.com/errata/RHSA-2013-1519.html
This issue has been addressed in following products: OpenStack 3 for RHEL 6 Via RHSA-2013:1520 https://rhn.redhat.com/errata/RHSA-2013-1520.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only Via RHSA-2013:1783 https://rhn.redhat.com/errata/RHSA-2013-1783.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:1860 https://rhn.redhat.com/errata/RHSA-2013-1860.html