The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the
Linux kernel before 2.6.36-rc4 does not initialize a certain structure
member, which allows local users to obtain potentially sensitive
information from kernel stack memory via an ioctl call.
Dan Rosenberg discovered that certain XFS ioctls leaked kernel stack
contents. A local attacker could exploit this to read portions of kernel
memory, leading to a loss of privacy.
Updated: 2015-10-17 03:35:42 UTC (commit 10086)