| Bug ID | 1039010 |
|---|---|
| Summary | VUL-0: CVE-2017-7495: kernel-source: information leak on ext4 when hardware reset |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.2 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | mikhail.kasimov@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
Ref: http://seclists.org/oss-sec/2017/q2/259 ============================================= When a power failure (or hardware reset) occurs, applications writing to an ext4 filesystem system may create a situation in which writes to one file may appear in another file (ergo information leak). This may be at least data corruption, a controlled attacker may be able to leverage this to steal data from writes to the same ext4 subsystem. Reference: Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1450261 Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824 =============================================