CVE-2010-2943
Published: 30 September 2010
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
From the Ubuntu Security Team
Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. A remote attacker could exploit this to read or write disk blocks that had changed file assignment or had become unlinked, leading to a loss of privacy.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Released
(2.6.24-28.82)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Released
(2.6.31-22.70)
|
|
| lucid |
Released
(2.6.32-27.49)
|
|
| maverick |
Released
(2.6.35-22.35)
|
|
| natty |
Not vulnerable
|
|
| upstream |
Released
(2.6.35~rc4)
|
|
|
Patches: upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7124fe0a5b619d65b739477b3b55a20bf805b06d upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1920779e67cbf5ea8afef317777c5bf2b8096188 upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b6259e7a83647948fa33a736cc832310c8d85aa |
||
|
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Released
(2.6.31-307.23)
|
|
| lucid |
Released
(2.6.32-311.22)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.35~rc4)
|
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Released
(2.6.31-112.30)
|
|
| lucid |
Released
(2.6.31-608.21)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.35~rc4)
|
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Released
(2.6.35-23.40~lucid1)
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.35~rc4)
|
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Released
(2.6.32-213.29)
|
|
| maverick |
Released
(2.6.32-415.32)
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.35~rc4)
|
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.6.15-55.91)
|
| hardy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| upstream |
Released
(2.6.35~rc4)
|
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| maverick |
Not vulnerable
|
|
| natty |
Not vulnerable
|
|
| upstream |
Released
(2.6.35~rc4)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.1 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
References
- http://www.openwall.com/lists/oss-security/2010/08/18/2
- https://ubuntu.com/security/notices/USN-1041-1
- https://ubuntu.com/security/notices/USN-1057-1
- https://ubuntu.com/security/notices/USN-1072-1
- https://ubuntu.com/security/notices/USN-1074-1
- https://ubuntu.com/security/notices/USN-1074-2
- https://ubuntu.com/security/notices/USN-1083-1
- https://ubuntu.com/security/notices/USN-1093-1
- https://www.cve.org/CVERecord?id=CVE-2010-2943
- NVD
- Launchpad
- Debian