Bug 33478

Summary: CVE-2017-7495: kernel-source: information leak on ext4 when hardware reset
Product: Альт Рабочая станция Reporter: Mikhail Kasimov <mikhail.kasimov>
Component: Ошибки работыAssignee: Michael Shigorin <mike>
Status: CLOSED FIXED QA Contact: qa-p8 <qa-p8>
Severity: normal    
Priority: P3 CC: sem
Version: 8.1   
Hardware: all   
OS: Linux   

Description Mikhail Kasimov 2017-05-15 11:35:03 MSK 
Ref: http://seclists.org/oss-sec/2017/q2/259
============================================
When a power failure (or hardware reset) occurs, applications writing to an
ext4 filesystem system may create a situation in which writes to one file
may appear in another file (ergo information leak).

This may be at least data corruption, a controlled attacker may be able to
leverage this to steal data from writes to the same ext4 subsystem.


Reference:

Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1450261

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824
============================================

Честно говоря, не очень понятно, в какой раздел писать security-reports, ибо отдельного раздела багзиллы security я не нашёл. :( Просьба, если нужно, перетащить репорт в правильный раздел.
Comment 1 Mikhail Efremov 2017-11-02 19:45:43 MSK 
Согласно https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7495 проблема в ядрах < 4.6.2. В alt-workstation-8.2_beta2 kernel-image-std-def-4.9.59-alt0.M80P.1.