Vigil@nce - Linux kernel: information disclosure via device-mapper
November 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create metadata via the device-mapper of the Linux
kernel, in order to read the content of free disk blocks.
Impacted products: Linux, RHEL
Severity: 2/4
Creation date: 17/10/2013
DESCRIPTION OF THE VULNERABILITY
The device-mapper subsystem is used to access to hard disks.
The Snapshot feature is used to create a fixed image, in order to
save it for example, and allows the edition of data, which are
synchronized later. However, the read_exceptions() function of the
drivers/md/dm-snap-persistent.c file does not check if user’s data
contain metadata (control) data.
An attacker can therefore create metadata via the device-mapper of
the Linux kernel, in order to read the content of free disk blocks.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-information-disclosure-via-device-mapper-13612