oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2017-7495 kernel : information leak on ext4 when hardware reset.

From: Wade Mealing <wmealing () redhat com>
Date: Mon, 15 May 2017 15:40:39 +1000
When a power failure (or hardware reset) occurs, applications writing to an
ext4 filesystem system may create a situation in which writes to one file
may appear in another file (ergo information leak).

This may be at least data corruption, a controlled attacker may be able to
leverage this to steal data from writes to the same ext4 subsystem.


Reference:

Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1450261

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824

Thanks

--

Wade Mealing
Red Hat Product Security
Previous By Date Next
Previous By Thread Next

Current thread: