Bug 919655 - (CVE-2015-0274) VUL-0: CVE-2015-0274: kernel: xfs: Unprivileged local user can leak kernel memory
VUL-0: CVE-2015-0274: kernel: xfs: Unprivileged local user can leak kernel me...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Jeff Mahoney
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2015-02-26 08:02 UTC by Johannes Segitz
Modified: 2017-09-20 14:47 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Comment 3 Swamp Workflow Management 2015-02-26 23:00:47 UTC
bugbot adjusting priority
Comment 5 Jan Kara 2015-03-02 09:02:55 UTC
Yeah, this affects only kernels between 3.11 and 3.14 (inclusive). SLE12 branch already has the fix, and 13.2 kernel has the fix from upstream. So the only branch missing the fix is openSUSE-13.1. I'll take care of pushing the fix there.
Comment 6 Jan Kara 2015-03-02 09:11:27 UTC
OK, pushed the fix to openSUSE-13.1 branch.
Comment 7 Marcus Meissner 2015-03-05 12:08:24 UTC
public now.
Comment 8 Jan Kara 2015-04-08 12:54:59 UTC
AFAICT this can be closed. We have the patch in all the relevant branches. Marcus?
Comment 9 Jan Kara 2015-05-18 12:16:17 UTC
Closing the bug since the patch is everywhere for over two months.
Comment 10 Marcus Meissner 2015-09-09 15:25:16 UTC
In SLE12 branch:


commit 72b7a0cf0cee4d8e4107fbb9e6db39a51943bc61
Author: Jan Kara <jack@suse.cz>
Date:   Thu May 22 19:23:36 2014 +0200

    xfs: remote attribute overwrite causes transaction overrun.

-> This was fixed before the release.
Comment 11 Marcus Meissner 2015-09-09 15:26:39 UTC
perl bin/addnote CVE-2015-0274 "This issue affected Linux Kernel 3.11 up to 3.14. The SUSE Linux Enterprise 12 kernel was fixed before the GA shipment. Older SUSE Linux Enterprise versions are not affected."