http://bugzilla.opensuse.org/show_bug.cgi?id=1039010 Bug ID: 1039010 Summary: VUL-0: CVE-2017-7495: kernel-source: information leak on ext4 when hardware reset Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Ref: http://seclists.org/oss-sec/2017/q2/259 ============================================= When a power failure (or hardware reset) occurs, applications writing to an ext4 filesystem system may create a situation in which writes to one file may appear in another file (ergo information leak). This may be at least data corruption, a controlled attacker may be able to leverage this to steal data from writes to the same ext4 subsystem. Reference: Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1450261 Upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... ============================================= -- You are receiving this mail because: You are on the CC list for the bug.