Vigil@nce - Linux kernel: file reading via fallocate on ext4
October 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When an ext4 filesystem is used, a local attacker can call the
fallocate() function, in order to read fragments of deleted files.
Impacted products: Linux
Severity: 1/4
Creation date: 25/10/2012
DESCRIPTION OF THE VULNERABILITY
The ext4 filesystem uses "extents" to store contiguous information.
The fallocate() function is used to allocate space for a file.
The ext4_convert_unwritten_extents_endio() function of the
fs/ext4/extents.c file converts unused extents (coming from
deleted files).
However, if the fallocate() function is called during the
execution of ext4_convert_unwritten_extents_endio(), the user
obtains file blocks which are not reinitialized, and thus contain
data from the deleted file.
When an ext4 filesystem is used, a local attacker can therefore
call the fallocate() function, in order to read fragments of
deleted files.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-file-reading-via-fallocate-on-ext4-12093