CVE-2010-2943

Priority
Description
The xfs implementation in the Linux kernel before 2.6.35 does not look up
inode allocation btrees before reading inode buffers, which allows remote
authenticated users to read unlinked files, or read or overwrite disk
blocks that are currently assigned to an active file but were previously
assigned to an unlinked file, by accessing a stale NFS filehandle.
Ubuntu-Description
Dave Chinner discovered that the XFS filesystem did not correctly order
inode lookups when exported by NFS. A remote attacker could exploit this to
read or write disk blocks that had changed file assignment or had become
unlinked, leading to a loss of privacy.
Assigned-to
ogasawara
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (2.6.35~rc4)
Patches:
Upstream:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7124fe0a5b619d65b739477b3b55a20bf805b06d
Upstream:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1920779e67cbf5ea8afef317777c5bf2b8096188
Upstream:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b6259e7a83647948fa33a736cc832310c8d85aa
Hardy:git://kernel.ubuntu.com/ubuntu/ubuntu-hardy.git bb9360709c019344a618df46123cce542865e008 xfs: validate untrusted inode numbers during lookup
Hardy:git://kernel.ubuntu.com/ubuntu/ubuntu-hardy.git c8f9fc88e4a2d396205ecfe7beba0dd9d7064ad0 xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
Hardy:git://kernel.ubuntu.com/ubuntu/ubuntu-hardy.git 2c23f01d6b6452f4734b9221acba0df937252e50 xfs: remove block number from inode lookup code
Hardy:git://kernel.ubuntu.com/ubuntu/ubuntu-hardy.git 9edba5fca9a3f1922626650e0fcb99e27cb8cd83 xfs: fix untrusted inode number lookup
Karmic:git://kernel.ubuntu.com/ubuntu/ubuntu-karmic.git 2a0f443f82751aa90ab826b5208add259d6da8b8 xfs: validate untrusted inode numbers during lookup
Karmic:git://kernel.ubuntu.com/ubuntu/ubuntu-karmic.git b301bbdde9e702057643052687ef6decf7d855f7 xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
Karmic:git://kernel.ubuntu.com/ubuntu/ubuntu-karmic.git a9d28ec5bfe7cbe2f2a331c0099443356ee5c103 xfs: remove block number from inode lookup code
Karmic:git://kernel.ubuntu.com/ubuntu/ubuntu-karmic.git 790f127292f0e13464ac401b68e42706518d1bc1 xfs: fix untrusted inode number lookup
Lucid:git://kernel.ubuntu.com/ubuntu/ubuntu-lucid.git 52e0d703745f7110f1ecbe83c02cf06a83da82e8 xfs: validate untrusted inode numbers during lookup
Lucid:git://kernel.ubuntu.com/ubuntu/ubuntu-lucid.git 5f8e8c6ab416bbd58d4f5df512c119a888ff923c xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
Lucid:git://kernel.ubuntu.com/ubuntu/ubuntu-lucid.git eb5ab28c8a5e4bb3f1ce05eba166c12175f6c701 xfs: remove block number from inode lookup code
Lucid:git://kernel.ubuntu.com/ubuntu/ubuntu-lucid.git 8c3d3b9fa0cac2a07b12f5cfd xfs: fix untrusted inode number lookup
Maverick:git://kernel.ubuntu.com/ubuntu/ubuntu-maverick.git af386abb8df8426a99bdd8036e1e678d1bcd1a32 xfs: fix untrusted inode number lookup
Package
Upstream:released (2.6.35~rc4)
Patches:
Dapper:git://kernel.ubuntu.com/ubuntu/ubuntu-dapper.git 72c3da98216278e2a954455d1324218184fb1112 xfs: validate untrusted inode numbers during lookup
Dapper:git://kernel.ubuntu.com/ubuntu/ubuntu-dapper.git e8a7355822717138184080104841d05dbf2de297 xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED
Dapper:git://kernel.ubuntu.com/ubuntu/ubuntu-dapper.git 19f73c0610a99a3df352731a78823e381f3726f3 xfs: remove block number from inode lookup code
Dapper:git://kernel.ubuntu.com/ubuntu/ubuntu-dapper.git dc64b0f0b86e6dd286df3676d34b012dc4e02140 xfs: fix untrusted inode number lookup

Updated: 2019-01-14 21:53:34 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)