[v2.6] kernel: fs: btrfs: non-atomic xattr replace operation (CVE-2014-9710)
Linux kernel built with the Btrfs Filesystem support(CONFIG_BTRFS_FS)
is
vulnerable to a race condition which leaves the extended
attribute(xattr)
empty for a short time window. This could be leveraged to bypass set
ACLs
and potentially escalate user privileges.
An unprivileged user could use this flaw to potentially escalate
privileges on
a system.
Upstream fix:
——————-
->
https://git.kernel.org/linus/5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339
References:
http://seclists.org/oss-sec/2015/q1/999
https://bugzilla.redhat.com/show\_bug.cgi?id=1205079
(from redmine: issue id 4054, created on 2015-04-07, closed on 2017-09-05)
- Relations:
- parent #4053