Bugzilla – Bug 51125
VUL-0: CVE-2004-0181: kernel: jfs info leak
Last modified: 2021-10-09 08:20:18 UTC
Hello Hubert, now we have a confirmation and a patch for the JFS info leakage. It is still not public...
Created attachment 16692 [details] jfs_leak.patch
Date: Tue, 16 Mar 2004 14:00:57 -0600 From: Dave Kleikamp <shaggy@austin.ibm.com> To: Marcelo Tosatti <marcelo.tosatti@cyclades.com> Cc: Nathan Scott <nathans@sgi.com>, Martin Schulze <joey@infodrom.org>, vendor-sec@lst.de, Chris Wright <chrisw@osdl.org> Subject: Re: [vendor-sec] Outstanding kernel security issues On Tue, 2004-03-16 at 12:38, Marcelo Tosatti wrote: > On Tue, 16 Mar 2004, Nathan Scott wrote: > > > On Tue, Mar 16, 2004 at 05:00:39AM -0300, Marcelo Tosatti wrote: > > > > > > Heads up: I just applied tytso's patch to JBD, and will release > > > 2.4.26-pre4 with it in a few minutes. > > > > > > Chris, any news on JFS ? > > > > > > Nathan, from what I read XFS also has a similar problem. I dont recall > > > getting a fix for that one. > > > > Hi Marcelo, > > > > The XFS fix went into your bk tree last weekend (at the same time > > as the fix for the compiler warning that Dave Miller noticed). > > The 2.6 fix went into Linus' tree at around the same time. > > Fine, thanks. > > Dave, Chris, what about JFS ? The 2.4 patch actually was nearly identical to the 2.6 patch. You can pull it from http://jfs.bkbits.net/linux-2.4 Here's the patch: # This is a BitKeeper generated diff -Nru style patch. # # ChangeSet # 2004/03/16 13:50:54-06:00 shaggy@austin.ibm.com # JFS: zero new log pages, etc. # diff -Nru a/fs/jfs/jfs_logmgr.c b/fs/jfs/jfs_logmgr.c --- a/fs/jfs/jfs_logmgr.c Tue Mar 16 13:53:18 2004 +++ b/fs/jfs/jfs_logmgr.c Tue Mar 16 13:53:18 2004 @@ -1697,7 +1697,7 @@ if (lbuf == 0) goto error; lbuf->l_bh.b_data = lbuf->l_ldata = - (char *) __get_free_page(GFP_KERNEL); + (char *) get_zeroed_page(GFP_KERNEL); if (lbuf->l_ldata == 0) { kfree(lbuf); goto error; diff -Nru a/fs/jfs/jfs_metapage.c b/fs/jfs/jfs_metapage.c --- a/fs/jfs/jfs_metapage.c Tue Mar 16 13:53:18 2004 +++ b/fs/jfs/jfs_metapage.c Tue Mar 16 13:53:18 2004 
@@ -385,6 +385,10 @@ } mp->data = kmap(mp->page) + page_offset; } + + if (new) + memset(mp->data, 0, PSIZE); + jfs_info("__get_metapage: returning = 0x%p", mp); return mp; diff -Nru a/fs/jfs/super.c b/fs/jfs/super.c --- a/fs/jfs/super.c Tue Mar 16 13:53:18 2004 +++ b/fs/jfs/super.c Tue Mar 16 13:53:18 2004 @@ -481,10 +481,10 @@ if ((flags & (SLAB_CTOR_VERIFY | SLAB_CTOR_CONSTRUCTOR)) == SLAB_CTOR_CONSTRUCTOR) { + memset(jfs_ip, 0, sizeof(struct jfs_inode_info)); INIT_LIST_HEAD(&jfs_ip->anon_inode_list); init_rwsem(&jfs_ip->rdwrlock); init_MUTEX(&jfs_ip->commit_sem); - jfs_ip->atlhead = 0; jfs_ip->active_ag = -1; } } _______________________________________________ Vendor Security mailing list Vendor Security@lst.de https://www.lst.de/cgi-bin/mailman/listinfo/vendor-sec
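Review bot: In the fs/jfs/jfs_logmgr.c hunk, the changeset comment "JFS: zero new log pages, etc." states neither the reason for the change nor its scope. The switch from __get_free_page(GFP_KERNEL) to get_zeroed_page(GFP_KERNEL) matters because the log page buffer is otherwise allocated uninitialized and keeps whatever the page last held. Say so in the comment, and name the metapage and jfs_inode_info changes instead of "etc." so the fix can be matched to the leak when it is backported.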
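Review bot: In the fs/jfs/jfs_metapage.c hunk, the memset length is the constant PSIZE, while the context line above it sets mp->data = kmap(mp->page) + page_offset. Confirm that page_offset + PSIZE can never run past the end of the mapped page, and that mp->data is valid on every path that reaches this point with new set. If a metapage can be smaller than PSIZE, clear the metapage's actual size instead of the constant.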
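Review bot: In the fs/jfs/super.c hunk, the memset(jfs_ip, 0, sizeof(struct jfs_inode_info)) sits inside the SLAB_CTOR_CONSTRUCTOR branch, so it runs when the slab object is constructed, not on every allocation from the cache. An object that is freed and handed out again keeps whatever its previous user left in it, so check that every field the leak concerns is reset before the object is freed, or do the clearing in the allocation path. Dropping jfs_ip->atlhead = 0 is fine because the memset covers it, and the memset is correctly placed ahead of INIT_LIST_HEAD, init_rwsem and init_MUTEX.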
CAN-2004-0181
Test - please ignore!
test
Kernels are waiting for check in now. Your turn ;)
Thanks a lot Hubert!
packages approved
CVE-2004-0181: CVSS v2 Base Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)