Bug 33478 - CVE-2017-7495: kernel-source: information leak on ext4 when hardware reset
Status: CLOSED FIXED
Alias: None
Product: Alt Workstation
Classification: Distributions
Component: Operation errors
Version: 8.1
Hardware: all Linux
Importance: P3 normal
Assignee: Michael Shigorin
QA Contact: qa-p8@altlinux.org
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-15 11:35 MSK by Mikhail Kasimov
Modified: 2017-11-02 19:45 MSK

Description Mikhail Kasimov 2017-05-15 11:35:03 MSK
Ref: http://seclists.org/oss-sec/2017/q2/259
============================================
When a power failure (or hardware reset) occurs, applications writing to an
ext4 filesystem may create a situation in which writes to one file
may appear in another file (ergo information leak).

This may be at least data corruption; a controlled attacker may be able to
leverage this to steal data from writes to the same ext4 subsystem.


Reference:

Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1450261

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824
============================================

To be honest, it's not very clear which section security reports should be filed in, since I couldn't find a separate security section in Bugzilla. :( Please move the report to the right section if necessary.
Comment 1 Mikhail Efremov 2017-11-02 19:45:43 MSK
According to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7495, the problem is in kernels < 4.6.2. alt-workstation-8.2_beta2 has kernel-image-std-def-4.9.59-alt0.M80P.1.