Bug 899480 - (CVE-2014-7283) VUL-0: CVE-2014-7283: kernel: xfs: memory corruption by creating directories
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Kernel Bugs
Reported: 2014-10-02 05:38 UTC by Marcus Meissner
Modified: 2021-04-19 11:36 UTC
Description Marcus Meissner 2014-10-02 05:38:00 UTC
via oss-sec

From: Hannes Frederic Sowa <hannes@stressinduktion.org>
Date: Thu, 02 Oct 2014 00:05:45 +0200
Subject: [oss-security] xfs directory hash ordering bug


Another kernel bug which did not get a CVE yet, but should be considered
to get one (sorry for the late notification):


Basically it allows a local user to corrupt an xfs filesystem by just
creating directories. Depending on whether it is the root filesystem or
not the kernel panics or just oopses and forcefully disconnects the

The commit states that xfs_repair repairs the filesystem but IIRC
further access to that directory would still cause the kernel to either
oops or panic. So xfs_repair could not correctly fix the filesystem in
all situations. But I am not sure anymore and didn't follow up on this
(I had a relocation coming up).

My initial report here:


Comment 1 Michal Hocko 2014-10-02 07:18:14 UTC
3.10+ issue so no TD branch is affected.
Comment 3 Marcus Meissner 2014-10-02 08:54:09 UTC
SLE12, openSUSE 13.1, 13.2, Factory affected.
Comment 4 SMASH SMASH 2014-10-02 08:55:07 UTC
Affected packages:

SLE-12: kernel-source
Comment 5 Borislav Petkov 2014-10-02 09:31:14 UTC
Actually, SLE12 has the fix: the respective stable commit id fd4037cadecf7b5c0e288c19d958917ac1c62a83 went in in 3.12.18 stable AFAICT.
Comment 6 Swamp Workflow Management 2014-10-02 22:00:13 UTC
bugbot adjusting priority
Comment 7 Michal Marek 2014-11-07 14:22:21 UTC
The fix went into 3.15-rc1, so openSUSE 13.2 and Factory are fine. openSUSE 13.1 is indeed missing the fix.
Comment 8 Jan Kara 2014-11-10 10:27:55 UTC
Pushed to openSUSE 13.1 kernel branch. All is done so moving the bug back to security-team.
Comment 9 Marcus Meissner 2015-03-05 08:03:04 UTC
no need to continue tracking for opensuse, will be in next update