CVE-2014-7283
Publication date 13 October 2014
Last updated 24 July 2024
Ubuntu priority
The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations.
From the Ubuntu Security Team
Hannes Frederic Sowa reported a hash collision ordering problem in the xfs filesystem in the Linux kernel. A local user could exploit this flaw to cause filesystem corruption and a denial of service (oops or panic).
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
14.04 LTS trusty |
Fixed 3.13.0-27.50
|
|
linux-armadaxp | ||
14.04 LTS trusty | Not in release | |
linux-ec2 | ||
14.04 LTS trusty | Not in release | |
linux-flo | ||
14.04 LTS trusty | Not in release | |
linux-fsl-imx51 | ||
14.04 LTS trusty | Not in release | |
linux-goldfish | ||
14.04 LTS trusty | Not in release | |
linux-grouper | ||
14.04 LTS trusty | Not in release | |
linux-linaro-omap | ||
14.04 LTS trusty | Not in release | |
linux-linaro-shared | ||
14.04 LTS trusty | Not in release | |
linux-linaro-vexpress | ||
14.04 LTS trusty | Not in release | |
linux-lts-quantal | ||
14.04 LTS trusty | Not in release | |
linux-lts-raring | ||
14.04 LTS trusty | Not in release | |
linux-lts-saucy | ||
14.04 LTS trusty | Not in release | |
linux-lts-trusty | ||
14.04 LTS trusty | Not in release | |
linux-lts-utopic | ||
14.04 LTS trusty | Not in release | |
linux-lts-vivid | ||
14.04 LTS trusty | Not in release | |
linux-maguro | ||
14.04 LTS trusty | Not in release | |
linux-mako | ||
14.04 LTS trusty | Not in release | |
linux-manta | ||
14.04 LTS trusty | Not in release | |
linux-mvl-dove | ||
14.04 LTS trusty | Not in release | |
linux-qcm-msm | ||
14.04 LTS trusty | Not in release | |
linux-raspi2 | ||
14.04 LTS trusty | Not in release | |
linux-ti-omap4 | ||
14.04 LTS trusty | Not in release | |
Notes
jdstrand
android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support per Debian, introduced in 3.10 reproducer: http://oss.sgi.com/cgi-bin/gitweb.cgi?p=xfs/cmds/xfstests.git;a=commitdiff;h=947ee8bd4b59770534297572b14c695e9c6e001e per apw, this was fixed in passing in 3.13.0-39.66~precise1, part of https://ubuntu.com/security/notices/USN-2394-1, but not documented in the changelog or the USN.
References
Related Ubuntu Security Notices (USN)
- USN-2226-1
- Linux kernel vulnerabilities
- 27 May 2014
- USN-2260-1
- Linux kernel (Trusty HWE) vulnerabilities
- 27 June 2014
- USN-2239-1
- Linux kernel (Saucy HWE) vulnerabilities
- 5 June 2014