Bug 1004233 (CVE-2013-4299) - CVE-2013-4299 kernel: dm: dm-snapshot data leak
Summary: CVE-2013-4299 kernel: dm: dm-snapshot data leak
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-4299
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 974481 975353 995067 1004252 1004721 1004723 1004734 1004798 1007949 1007950 1019678 1028210
Blocks: 1004525
TreeView+ depends on / blocked
 
Reported: 2013-09-04 09:08 UTC by Petr Matousek
Modified: 2023-05-11 23:51 UTC (History)
18 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-20 10:41:00 UTC
Embargoed:

Attachments (Terms of Use)
Patch proposed for upstream kernels (2.85 KB, patch)
2013-10-16 12:28 UTC, Alasdair Kergon 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:1436 0 normal SHIPPED_LIVE Moderate: kernel security and bug fix update 2013-10-16 21:13:44 UTC
Red Hat Product Errata RHSA-2013:1449 0 normal SHIPPED_LIVE Moderate: kernel security and bug fix update 2013-10-22 21:30:54 UTC
Red Hat Product Errata RHSA-2013:1450 0 normal SHIPPED_LIVE Important: kernel security and bug fix update 2013-10-22 21:02:36 UTC
Red Hat Product Errata RHSA-2013:1490 0 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2013-10-31 20:23:39 UTC
Red Hat Product Errata RHSA-2013:1519 0 normal SHIPPED_LIVE Important: kernel security and bug fix update 2013-11-13 23:52:26 UTC
Red Hat Product Errata RHSA-2013:1520 0 normal SHIPPED_LIVE Moderate: kernel security, bug fix, and enhancement update 2013-11-14 22:40:03 UTC
Red Hat Product Errata RHSA-2013:1783 0 normal SHIPPED_LIVE Important: kernel security and bug fix update 2013-12-05 22:07:09 UTC
Red Hat Product Errata RHSA-2013:1860 0 normal SHIPPED_LIVE Moderate: kernel security and bug fix update 2013-12-20 05:02:13 UTC

Description Petr Matousek 2013-09-04 09:08:47 UTC 
A flaw was found in the way Linux kernel's device-mapper subsystem, under certain conditions, interpreted data written to snapshot block devices. Snapshots are constructed from a single "cow" (copy-on-write) device that contains a mixture of data and metadata, and the bug involves a user writing a data block that is later incorrectly interpreted as metadata controlling how blocks are mapped.

An attacker could construct a mapping to read data from disk blocks in 'free space' that is normally inaccessible.

Please note that apart from having security consequences (data leak), this bug is also a data corruptor.

Acknowledgements:

Red Hat would like to thank Fujitsu for reporting this issue.
Comment 15 Alasdair Kergon 2013-10-16 12:28:34 UTC 
Created attachment 812893 [details]
Patch proposed for upstream kernels
Comment 16 errata-xmlrpc 2013-10-16 17:21:52 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2013:1436 https://rhn.redhat.com/errata/RHSA-2013-1436.html
Comment 17 Alasdair Kergon 2013-10-18 01:38:52 UTC 
Links to upstream merge:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9c6a182649f4259db704ae15a91ac820e63b0ca

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8359ffa56595b5b56ea690810cace53e13618269
Comment 18 errata-xmlrpc 2013-10-22 17:04:48 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only

Via RHSA-2013:1450 https://rhn.redhat.com/errata/RHSA-2013-1450.html
Comment 19 errata-xmlrpc 2013-10-22 17:33:48 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1449 https://rhn.redhat.com/errata/RHSA-2013-1449.html
Comment 26 errata-xmlrpc 2013-10-31 16:29:13 UTC 
This issue has been addressed in following products:

  MRG for RHEL-6 v.2

Via RHSA-2013:1490 https://rhn.redhat.com/errata/RHSA-2013-1490.html
Comment 28 errata-xmlrpc 2013-11-13 18:54:23 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only

Via RHSA-2013:1519 https://rhn.redhat.com/errata/RHSA-2013-1519.html
Comment 29 errata-xmlrpc 2013-11-14 17:41:41 UTC 
This issue has been addressed in following products:

  OpenStack 3 for RHEL 6

Via RHSA-2013:1520 https://rhn.redhat.com/errata/RHSA-2013-1520.html
Comment 30 errata-xmlrpc 2013-12-05 17:10:41 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only

Via RHSA-2013:1783 https://rhn.redhat.com/errata/RHSA-2013-1783.html
Comment 31 errata-xmlrpc 2013-12-19 21:29:56 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2013:1860 https://rhn.redhat.com/errata/RHSA-2013-1860.html
Note You need to log in before you can comment on or make changes to this bug.