CVE-2010-2943

Published: 30 September 2010

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.

From the Ubuntu Security Team

Dave Chinner discovered that the XFS filesystem did not correctly order inode lookups when exported by NFS. A remote attacker could exploit this to read or write disk blocks that had changed file assignment or had become unlinked, leading to a loss of privacy.

Priority

Medium

CVSS 3 base score: 8.1

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist
hardy Released (2.6.24-28.82)
jaunty Ignored (reached end-of-life)
karmic Released (2.6.31-22.70)
lucid Released (2.6.32-27.49)
maverick Released (2.6.35-22.35)
natty Not vulnerable
upstream Released (2.6.35~rc4)
Patches:
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7124fe0a5b619d65b739477b3b55a20bf805b06d
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1920779e67cbf5ea8afef317777c5bf2b8096188
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7b6259e7a83647948fa33a736cc832310c8d85aa

linux-ec2
Launchpad, Ubuntu, Debian
dapper Does not exist
hardy Does not exist
jaunty Does not exist
karmic Released (2.6.31-307.23)
lucid Released (2.6.32-311.22)
maverick Ignored (binary supplied by "linux" now)
natty Does not exist
upstream Released (2.6.35~rc4)

linux-fsl-imx51
Launchpad, Ubuntu, Debian
dapper Does not exist
hardy Does not exist
karmic Released (2.6.31-112.30)
lucid Released (2.6.31-608.21)
maverick Does not exist
natty Does not exist
upstream Released (2.6.35~rc4)

linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
dapper Does not exist
hardy Does not exist
jaunty Does not exist
karmic Does not exist
lucid Released (2.6.35-23.40~lucid1)
maverick Does not exist
natty Does not exist
upstream Released (2.6.35~rc4)

linux-mvl-dove
Launchpad, Ubuntu, Debian
dapper Does not exist
hardy Does not exist
karmic Ignored (abandoned branch)
lucid Released (2.6.32-213.29)
maverick Released (2.6.32-415.32)
natty Does not exist
upstream Released (2.6.35~rc4)

linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper Released (2.6.15-55.91)
hardy Does not exist
jaunty Does not exist
karmic Does not exist
lucid Does not exist
maverick Does not exist
natty Does not exist
upstream Released (2.6.35~rc4)

linux-ti-omap4
Launchpad, Ubuntu, Debian
dapper Does not exist
hardy Does not exist
karmic Does not exist
lucid Does not exist
maverick Not vulnerable
natty Not vulnerable
upstream Released (2.6.35~rc4)