Bugzilla – Bug 899480
VUL-0: CVE-2014-7283: kernel: xfs: memory corruption by creating directories
Last modified: 2021-04-19 11:36:33 UTC
via oss-sec From: Hannes Frederic Sowa <hannes@stressinduktion.org> Date: Thu, 02 Oct 2014 00:05:45 +0200 Subject: [oss-security] xfs directory hash ordering bug Hello! Another kernel bug which did not get a CVE yet, but should be considered to get one (sorry for the late notification): https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c88547a8119e3b581318ab65e9b72f27f23e641d Basically it allows a local user to corrupt a xfs filesystem by just creating directories. Depending on whether it is the root filesystem or not the kernel panics or just oopses and forcefully disconnects the filesystem. The commit states that xfs_repair repairs the filesystem but IIRC further access to that directory would still cause the kernel to either oops or panic. So xfs_repair could not correctly fix the filesystem in all situations. But I am not sure anymore and didn't follow up on this (I had a relocation coming up). My initial report here: http://marc.info/?l=linux-xfs&m=139590613002926&w=2 Reproducer: http://oss.sgi.com/cgi-bin/gitweb.cgi?p=xfs/cmds/xfstests.git;a=commitdiff;h=947ee8bd4b59770534297572b14c695e9c6e001e Thanks, Hannes
3.10+ issue so not TD branch is affected.
SLE12, openSUSE 13.1, 13.2, Factory affected.
Affected packages: SLE-12: kernel-source
Actually, SLE12 has the fix: the respective stable commit id fd4037cadecf7b5c0e288c19d958917ac1c62a83 went in in 3.12.18 stable AFAICT.
bugbot adjusting priority
The fix went into 3.15-rc1, so openSUSE 13.2 and Factory are fine. openSUSE 13.1 is indeed missing the fix.
Pushed to openSUSE 13.1 kernel branch. All is done so moving the bug back to security-team.
no need to continue tracking for opensuse, will be in next update