CVE-2012-4508 -- kernel: ext4: AIO vs fallocate stale data exposure
From: Petr Matousek <pmatouse () redhat com>
Date: Thu, 25 Oct 2012 08:41:41 +0200

A race condition flaw has been found in the way asynchronous I/O and
fallocate interacted which can lead to exposure of stale data -- that
is, an extent which should have had the "uninitialized" bit set
indicating that its blocks have not yet been written and thus contain
data from a deleted file. An unprivileged local user could use this flaw
to cause an information leak.

Red Hat would like to thank Theodore Tso for reporting this issue.
Upstream acknowledges Dmitry Monakhov as the original reporter.

Please see https://bugzilla.redhat.com/show_bug.cgi?id=869904#c1 for
further information regarding the patch.

Petr Matousek / Red Hat Security Response Team