oss-sec mailing list archives
CVE request Linux kernel: fs: btrfs: non-atomic xattr replace operation
From: P J P <ppandit () redhat com>
Date: Tue, 24 Mar 2015 14:02:00 +0530 (IST)
Hello,

Linux kernel built with the Btrfs Filesystem support (CONFIG_BTRFS_FS) is vulnerable to a race condition which leaves the extended attribute (xattr) empty for a short time window. This could be leveraged to bypass set ACLs and potentially escalate user privileges.
An unprivileged user could use this flaw to potentially escalate privileges on a system.
Upstream fix:
-------------
  -> https://git.kernel.org/linus/5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
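A regression probe for the window described in the message above, added here as an example and not part of the original post or the upstream fix: one thread replaces a `user.*` xattr in a loop while the caller reads it and counts reads that find the attribute missing. The attribute name `user.replace_probe`, the function name and the round count are assumptions chosen for illustration.

```python
import errno
import os
import tempfile
import threading

ATTR = "user.replace_probe"  # constructed attribute name, assumption


def probe_xattr_replace(directory, rounds=20000):
    """Count reads that see ATTR missing while another thread replaces it.

    Returns None when the probe cannot run (no xattr API, or the filesystem
    under `directory` refuses user.* attributes)."""
    if not hasattr(os, "setxattr"):
        return None
    fd, path = tempfile.mkstemp(dir=directory)
    os.close(fd)
    stop = threading.Event()

    def writer():
        # Alternate between two value sizes so every call is a real replace.
        values = (b"a" * 16, b"b" * 64)
        i = 0
        while not stop.is_set():
            os.setxattr(path, ATTR, values[i & 1], os.XATTR_REPLACE)
            i += 1

    try:
        try:
            os.setxattr(path, ATTR, b"initial", os.XATTR_CREATE)
        except OSError:
            return None  # user xattrs unavailable here
        thread = threading.Thread(target=writer, daemon=True)
        thread.start()
        missing = 0
        try:
            for _ in range(rounds):
                try:
                    os.getxattr(path, ATTR)
                except OSError as exc:
                    if exc.errno != errno.ENODATA:
                        raise
                    missing += 1  # attribute vanished mid-replace
        finally:
            stop.set()
            thread.join()
        return missing
    finally:
        os.unlink(path)
```

Call it with a directory on the Btrfs volume under test. A non-zero count means a read observed the attribute missing during a replace; zero only means the window was not hit in that run.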