CVE-2010-2226
Published: 3 September 2010
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.
From the Ubuntu Security Team
Dan Rosenberg discovered that the swapexit xfs ioctl did not correctly check file permissions. A local attacker could exploit this to read from write-only files, leading to a loss of privacy.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(2.6.24-28.80)
|
|
jaunty |
Released
(2.6.28-19.66)
|
|
karmic |
Released
(2.6.31-22.67)
|
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
upstream |
Released
(2.6.35~rc4)
|
|
Patches: upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=1817176a86352f65210139d4c794ad2d19fc6b63 hardy: http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-2226/patches/hardy/linux/0001-xfs-prevent-swapext-from-operating-on-write-only-files.txt jaunty: http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-2226/patches/jaunty/linux/0001-xfs-prevent-swapext-from-operating-on-write-only-files.txt karmic: http://chinstrap.ubuntu.com/~bradf/CVEs/CVE-2010-2226/patches/karmic/linux/0001-xfs-prevent-swapext-from-operating-on-write-only-files.txt |
||
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(2.6.31-307.21)
|
|
lucid |
Released
(2.6.32-309.18)
|
|
maverick |
Ignored
(binary supplied by "linux" now)
|
|
upstream |
Released
(2.6.35~rc4)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(2.6.31-112.30)
|
|
lucid |
Released
(2.6.31-608.22)
|
|
maverick |
Does not exist
|
|
upstream |
Released
(2.6.35~rc4)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Released
(2.6.35-25.44~lucid1)
|
|
maverick |
Does not exist
|
|
upstream |
Released
(2.6.35~rc4)
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
hardy |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
upstream |
Released
(2.6.35~rc4)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226
- http://marc.info/?l=oss-security&m=127677135609357&w=2
- https://ubuntu.com/security/notices/USN-1000-1
- https://ubuntu.com/security/notices/USN-1074-1
- https://ubuntu.com/security/notices/USN-1074-2
- https://ubuntu.com/security/notices/USN-1083-1
- NVD
- Launchpad
- Debian