Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 15 May 2017 15:40:39 +1000
From: Wade Mealing <wmealing@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-7495 kernel : information leak on ext4 when hardware reset.

When a power failure (or hardware reset) occurs, applications writing to an
ext4 filesystem system may create a situation in which writes to one file
may appear in another file (ergo information leak).

This may be at least data corruption, a controlled attacker may be able to
leverage this to steal data from writes to the same ext4 subsystem.


Reference:

Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1450261

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824

Thanks

--

Wade Mealing
Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ