oss-sec mailing list archives

CVE request Linux kernel: fs: btrfs: non-atomic xattr replace operation

From: P J P <ppandit () redhat com>
Date: Tue, 24 Mar 2015 14:02:00 +0530 (IST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

   Hello,

Linux kernel built with the Btrfs Filesystem support(CONFIG_BTRFS_FS) isvulnerable to a race condition which leaves the extended attribute(xattr)empty for a short time window. This could be leveraged to bypass set ACLs andpotentially escalate user privileges.

An unprivileged user could use this flaw to potentially escalate privileges ona system.


Upstream fix:
- -------------
  -> https://git.kernel.org/linus/5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339


Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVESEAAAoJEN0TPTL+WwQf4jEQAKz/fs8rptK2TOpN8sb3tjq/
RaLXXcddHYRo5sHybzsM9WpBgnz3lHGtgf80990976G28SjR5n1qKRxywYr8Fzza
XBfWR+eQ4BizIJ1Jv5jL4RJYFAePoba13edlB0cIhfNPHaFnW5aPswiDuTsfNcMX
Y9jhEciePAvxc2P4inQi7A6d00StBkVq0K8nsIECf0fWjXJ7UkgVY4Uf7UPKr+eM
JWPjRIjF07uqDZG8XkySkEQblEs9HD6xNS6hGlroiODMOqY0QWybRZhqQA9JvN5a
p51VYW+c7GNyaxSeByqq7imjn6liaRnjk7j/G2lzT+PDm6ouw0krq5+MKAq6i6Qf
Nl4r3mKy3F6MgyO5g5VUo++TsnP9+8Ru/NukUwfstSbQqvHZLR8xPq3kySMkaYdM
QFUju7BlSSy8hc7sn/bRh3D8+34Dljn3s4LtWuxLyKN5Uh/xgwhyODQnqqILVv1K
GNjmXQhrnV+LtY22+n2ywfrQFsZBF/A74zNDtMsc8V1/ptFyNCtWnjtdJNohunUE
KQoixT7UDXzb9Wmv7blznsHLZtADcC2bZPleLU4nEPrckt/79sG0cw9X8SYjZBkc
J+LpmMxGBdffq2T/O1Qwve1tWfyPZykxerFUrNdWmJmSYi11BZxSD9igMX/AdAk7
L4Hm3L8rwKNFYgGgpKCM
=To/S
-----END PGP SIGNATURE-----

Current thread:

CVE request Linux kernel: fs: btrfs: non-atomic xattr replace operation P J P (Mar 24)
- Re: CVE request Linux kernel: fs: btrfs: non-atomic xattr replace operation cve-assign (Mar 24)