LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kernel: information leak

Package(s):kernel CVE #(s):CVE-2012-4508
Created:November 6, 2012 Updated:March 15, 2013
Description: From the Red Hat bugzilla:

A race condition flaw has been found in the way asynchronous I/O and fallocate interacted which can lead to exposure of stale data -- that is, an extent which should have had the "uninitialized" bit set indicating that its blocks have not yet been written and thus contain data from a deleted file. An unprivileged local user could use this flaw to cause an information leak.

Alerts:
Fedora FEDORA-2012-17479 2012-11-06
Red Hat RHSA-2012:1491-01 2012-12-04
Red Hat RHSA-2012:1540-01 2012-12-04
CentOS CESA-2012:1540 2012-12-05
Scientific Linux SL-kern-20121206 2012-12-06
Oracle ELSA-2012-1540 2012-12-05
Mageia MGASA-2013-0010 2013-01-18
Mageia MGASA-2013-0009 2013-01-18
Mageia MGASA-2013-0011 2013-01-18
Mageia MGASA-2013-0012 2013-01-18
Ubuntu USN-1704-1 2013-01-22
Mageia MGASA-2013-0016 2013-01-24
Ubuntu USN-1704-2 2013-02-01
Ubuntu USN-1719-1 2013-02-12
Ubuntu USN-1720-1 2013-02-12
Ubuntu USN-1726-1 2013-02-14
Red Hat RHSA-2013:0496-02 2013-02-21
Oracle ELSA-2013-2507 2013-02-28
openSUSE openSUSE-SU-2013:0396-1 2013-03-05
CentOS CESA-2013:0496 2013-03-09
Scientific Linux SL-kern-20130314 2013-03-14
Debian DSA-2668-1 2013-05-14
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds