Description
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
linux | fixed | 4.2.6-2 | | package |
linux | fixed | 3.16.7-ckt20-1+deb8u1 | jessie | package |
linux | fixed | 3.2.78-1 | wheezy | package |
linux-2.6 | removed | | | package |
linux-2.6 | no-dsa | | squeeze | package |
Notes
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7 (v4.4-rc1)
https://www.openwall.com/lists/oss-security/2015/11/27/2
CVE assignment for the vulnerability with the impact of "User B now
gets to see the 1000 bytes that user A truncated from its file before
it made its file world readable"
Related vulnerabilities
ELSA-2016-3618: Unbreakable Enterprise kernel security update (IMPORTANT)