Date: Fri, 23 Nov 2018 10:20:49 -0500 (EST)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2018-16862: Linux kernel: cleancache: deleted files infoleak

Hello,

Vasily Averin and Pavel Tikhomirov from Virtuozzo Kernel Team found a way for
an unprivileged user to access the content of a deleted file of any other user
on a file system with cleancache enabled. Under certain conditions it may not
drop the content of a deleted file on its last iput(). When a newly created
file gets the inode number of the previously deleted file, its read can get the
content of the deleted file saved in cleancache.

For now only Xen's tmem driver registers itself as a backend for cleancache:

$ git grep cleancache_register_ops
...
drivers/xen/tmem.c: err = cleancache_register_ops(&tmem_cleancache_ops);
mm/cleancache.c:int cleancache_register_ops(const struct cleancache_ops *ops)

This means only Xen guests with the tmem driver active are vulnerable.

References:

https://lore.kernel.org/patchwork/patch/1011367/
https://bugzilla.redhat.com/show_bug.cgi?id=1649017

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
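
An exposure check for the condition the message names (a Xen guest with the tmem driver active), as an added example that is not part of the original message or of any vendor tooling. The sysfs paths and the tmem "cleancache" module parameter are assumptions about a typical Linux guest; the function name and status strings are hypothetical.

```shell
#!/bin/sh
# Added example: report whether this system matches the exposure condition in
# the advisory (Xen guest + tmem driver, the only cleancache backend it lists).
# It does not test whether the running kernel already carries the fix.
#
# Usage: cleancache_exposure [ROOT]
#   ROOT is an optional prefix (e.g. a mounted guest image or a test fixture);
#   empty means the live system.
cleancache_exposure() {
    root="${1:-}"
    hv="$root/sys/hypervisor/type"                 # assumed path: reads "xen" on Xen guests
    mod="$root/sys/module/tmem"                    # assumed path: present when tmem is loaded or built in
    param="$mod/parameters/cleancache"             # assumed parameter: Y/N

    # No Xen hypervisor: the tmem backend cannot register with cleancache.
    if [ ! -r "$hv" ] || [ "$(cat "$hv")" != "xen" ]; then
        echo "not-xen"
        return 0
    fi

    # Xen guest, but no tmem driver: no cleancache backend from the advisory's list.
    if [ ! -d "$mod" ]; then
        echo "xen-no-tmem"
        return 0
    fi

    # tmem present but its cleancache side switched off by parameter.
    if [ -r "$param" ]; then
        case "$(cat "$param")" in
            N|n|0)
                echo "tmem-cleancache-off"
                return 0
                ;;
        esac
    fi

    # Matches the advisory's condition: check the kernel for the fix.
    echo "tmem-active"
    return 0
}

# Run against the live system, or against the ROOT given as first argument.
cleancache_exposure "${1:-}"
```

A result of "tmem-active" only means the guest matches the condition stated in the message; whether the installed kernel is fixed has to be confirmed from the vendor advisory.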