Bug 1643988 (CVE-2018-18690) - CVE-2018-18690 kernel: filesystem corruption due to an unchecked error condition during an xfs attribute change
Keywords:
Status: NEW
Alias: CVE-2018-18690
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1740254 1740255 1644116 1740256
Blocks: 1643989
Reported: 2018-10-29 16:47 UTC by Laura Pardo
Modified: 2019-09-29 15:01 UTC (History)

Fixed In Version: kernel 4.17-rc4
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:



Description Laura Pardo 2018-10-29 16:47:35 UTC
A vulnerability was found in the Linux kernel before 4.17. A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.


References:
https://bugzilla.kernel.org/show_bug.cgi?id=199119

Upstream Patch:
https://github.com/torvalds/linux/commit/7b38460dc8e4eafba06c78f8e37099d3b34d473c

Comment 5 Wade Mealing 2018-10-30 04:11:33 UTC
Red Hat Enterprise Linux 7 is currently not affected by this flaw, but it did affect it earlier.

This issue was unintentionally fixed in the release of kernel-3.10.0-912.el7; it will be fixed in all 3.10.0-912 versions and newer.

Comment 6 Zorro Lang 2018-11-09 03:45:33 UTC
(In reply to Wade Mealing from comment #5)
> Red Hat Enterprise Linux 7 is currently not affected by this flaw, but it
> did affect it earlier.
> 
> This issue was unintentionally fixed in the release of
> kernel-3.10.0-912.el7, it will be fixed in all 3.10.0-912 versions and newer.

I think there's 'unintentionally fix' bug :) please check bug 1590625.

Thanks,
Zorro

Comment 7 Zorro Lang 2018-11-09 03:46:44 UTC
(In reply to Zorro Lang from comment #6)
> (In reply to Wade Mealing from comment #5)
> > Red Hat Enterprise Linux 7 is currently not affected by this flaw, but it
> > did affect it earlier.
> > 
> > This issue was unintentionally fixed in the release of
> > kernel-3.10.0-912.el7, it will be fixed in all 3.10.0-912 versions and newer.
> 
> I think there's 'unintentionally fix' bug :) please check bug 1590625.
   ^
  don't

> 
> Thanks,
> Zorro

Comment 8 Wade Mealing 2019-03-06 04:15:00 UTC
@Zorro, 

Maybe.. but to me it looked to be fixed as a side effect at the time. Done is done.

