Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CALJHwhTK3+YqzhtPLa96QNYTkfDRv_YPc0bieXvLgQDRRoFRWQ@mail.gmail.com>
Date: Mon, 15 May 2017 15:40:39 +1000
From: Wade Mealing <wmealing@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-7495 kernel : information leak on ext4 when hardware reset.

When a power failure (or hardware reset) occurs, applications writing to an
ext4 filesystem system may create a situation in which writes to one file
may appear in another file (ergo information leak).

This may be at least data corruption, a controlled attacker may be able to
leverage this to steal data from writes to the same ext4 subsystem.


Reference:

Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1450261

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824

Thanks

--

Wade Mealing
Red Hat Product Security

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.