Bug 1195248 (CVE-2015-0274) - CVE-2015-0274 kernel: xfs: replacing remote attributes memory corruption
Summary: CVE-2015-0274 kernel: xfs: replacing remote attributes memory corruption
Status: CLOSED ERRATA
Alias: CVE-2015-0274
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20150305,repo...
Keywords: Security
Depends On: 1145837 1195251
Blocks: 1176616
TreeView+ depends on / blocked
 
Reported: 2015-02-23 13:31 UTC by Petr Matousek
Modified: 2015-03-25 06:55 UTC (History)
26 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-24 06:19:34 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0290 normal SHIPPED_LIVE Important: kernel security, bug fix, and enhancement update 2015-03-05 16:13:58 UTC
Red Hat Product Errata RHSA-2015:0694 normal SHIPPED_LIVE Important: kernel-rt security, bug fix, and enhancement update 2015-03-17 18:39:44 UTC

Description Petr Matousek 2015-02-23 13:31:44 UTC
A flaw was found in the way the Linux kernel's XFS file system handled
replacing of remote attributes under certain conditions.

A local user with access to XFS file system mount could potentially use this
flaw to escalate their privileges on the system.

Fixed by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59

Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e461fcb

Acknowledgements:

Red Hat would like to thank Eric Windisch of the Docker project for reporting
this issue.

Comment 2 Petr Matousek 2015-02-23 13:35:54 UTC
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise 5 and 6. This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.

Comment 4 errata-xmlrpc 2015-03-05 13:05:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:0290 https://rhn.redhat.com/errata/RHSA-2015-0290.html

Comment 5 errata-xmlrpc 2015-03-17 14:41:28 UTC
This issue has been addressed in the following products:

  MRG for RHEL-6 v.2

Via RHSA-2015:0694 https://rhn.redhat.com/errata/RHSA-2015-0694.html


Note You need to log in before you can comment on or make changes to this bug.