|
oss-sec
mailing list archives
CVE-2017-7495 kernel : information leak on ext4 when hardware reset.
From: Wade Mealing <wmealing () redhat com>
Date: Mon, 15 May 2017 15:40:39 +1000
When a power failure (or hardware reset) occurs, applications writing to an
ext4 filesystem system may create a situation in which writes to one file
may appear in another file (ergo information leak).
This may be at least data corruption, a controlled attacker may be able to
leverage this to steal data from writes to the same ext4 subsystem.
Reference:
Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1450261
Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824
Thanks
--
Wade Mealing
Red Hat Product Security
 By Date 
By Thread
Current thread:
- CVE-2017-7495 kernel : information leak on ext4 when hardware reset. Wade Mealing (May 14)
|
