CVE-2010-2946 (retired)

Priority
Description
fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle
a certain legacy format for storage of extended attributes, which might
allow local users by bypass intended xattr namespace restrictions via an
"os2." substring at the beginning of a name.
Ubuntu-Description
Sergey Vlasov discovered that JFS did not correctly handle certain extended
attributes. A local attacker could bypass namespace access rules, leading
to a loss of privacy.
Assigned-to
sconklin
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-03-26 11:52:37 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)