Bug 919655 – VUL-0: CVE-2015-0274: kernel: xfs: Unprivileged local user can leak kernel memory

Bug 919655 - (CVE-2015-0274) VUL-0: CVE-2015-0274: kernel: xfs: Unprivileged local user can leak kernel memory

(CVE-2015-0274)
Summary:	VUL-0: CVE-2015-0274: kernel: xfs: Unprivileged local user can leak kernel me...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Jeff Mahoney
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:RedHat:CVE-2015-0274:6.9:(AV:L...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2015-02-26 08:02 UTC by Johannes Segitz
Modified:	2017-09-20 14:47 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 3 Swamp Workflow Management 2015-02-26 23:00:47 UTC

bugbot adjusting priority

Comment 5 Jan Kara 2015-03-02 09:02:55 UTC

Yeah, this affects only kernels between 3.11 and 3.14 (inclusive). SLE12 branch already has the fix, and 13.2 kernel has the fix from upstream. So the only branch missing the fix is openSUSE-13.1. I'll take care of pushing the fix there.

Comment 6 Jan Kara 2015-03-02 09:11:27 UTC

OK, pushed the fix to openSUSE-13.1 branch.

Comment 7 Marcus Meissner 2015-03-05 12:08:24 UTC

public now.

Comment 8 Jan Kara 2015-04-08 12:54:59 UTC

AFAICT this can be closed. We have the patch in all the relevant branches. Marcus?

Comment 9 Jan Kara 2015-05-18 12:16:17 UTC

Closing the bug since the patch is everywhere for over two months.

Comment 10 Marcus Meissner 2015-09-09 15:25:16 UTC

In SLE12 branch:

patches.fixes/xfs-remote-attribute-overwrite-causes-transaction-o.patch

commit 72b7a0cf0cee4d8e4107fbb9e6db39a51943bc61
Author: Jan Kara <jack@suse.cz>
Date:   Thu May 22 19:23:36 2014 +0200

    xfs: remote attribute overwrite causes transaction overrun.


-> This was fixed before the release.

Comment 11 Marcus Meissner 2015-09-09 15:26:39 UTC

perl bin/addnote CVE-2015-0274 "This issue affected Linux Kernel 3.11 up to 3.14. The SUSE Linux Enterprise 12 kernel was fixed before the GA shipment. Older SUSE Linux Enterprise versions are not affected."