oss-sec mailing list archives

Re: CVE request: kernel: btrfs


From: Josh Bressers <bressers () redhat com>
Date: Wed, 21 Jul 2010 14:11:52 -0400 (EDT)


----- "Dan Rosenberg" <dan.j.rosenberg () gmail com> wrote:

Fixes for two issues in btrfs were committed upstream:

1.  The BTRFS_IOC_CLONE and BTRFS_IOC_CLONE_RANGE ioctls allowed a
local user to overwrite append-only files.

Please use CVE-2010-2537.


2.  The BTRFS_IOC_CLONE_RANGE ioctl was subject to an integer overflow
in specifying offsets to copy from a file, which potentially allows a
local user to read sensitive filesystem data.

Please use CVE-2010-2538.


Reference:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2ebc3464781ad24474abcbd2274e6254689853b5


Thanks.

-- 
    JB

