oss-sec mailing list archives
CVE-2017-7495 kernel : information leak on ext4 when hardware reset.
From: Wade Mealing <wmealing () redhat com>
Date: Mon, 15 May 2017 15:40:39 +1000
When a power failure (or hardware reset) occurs, applications writing to an ext4 filesystem system may create a situation in which writes to one file may appear in another file (ergo information leak). This may be at least data corruption, a controlled attacker may be able to leverage this to steal data from writes to the same ext4 subsystem. Reference: Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1450261 Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824 Thanks -- Wade Mealing Red Hat Product Security
Current thread:
- CVE-2017-7495 kernel : information leak on ext4 when hardware reset. Wade Mealing (May 14)