Summary: | Kernel: Ext4 "move extents" ioctl privilege elevation (CVE-2009-4131) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Bernd Marienfeldt <bernd> |
Component: | Kernel | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | hardened-kernel+disabled, josh, kernel, WineLauncher.Jonathan |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://git.kernel.org/?p=linux/kernel/git/tytso/ext4.git;a=commit;h=4a58579b9e4e2a35d57e6c9c8483e52f6f1b7fd6 | ||
Whiteboard: | [linux <2.6.31.8] [linux >=2.6.32 <2.6.32.1] [gp <2.6.31-9] [gp >=2.6.32-1 <2.6.32-2] | ||
Package list: | | Runtime testing required: | --- |
Description
Bernd Marienfeldt
2009-12-10 10:22:44 UTC
Using this one to track CVE-2009-4131; CVE-2009-1298 will be done in #296393. Thanks.

CVE-2009-4131 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4131): The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.

Good Afternoon,

Do we have any updates on this bug please?

This patch is included in >= gentoo-sources-2.6.31-r8 and gentoo-sources-2.6.32-r1.