CVE-2015-0274

Published: 16 March 2015

The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access.

From the Ubuntu security team

Eric Windisch discovered flaw in how the Linux kernel's XFS file system replaces remote attributes. A local access with access to an XFS file system could exploit this flaw to escalate their privileges.

Priority

High

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (3.13.0-48.80)
Patches:
Introduced by e461fcb194172b3f709e0b478d2ac1bdac7ab9a3
Fixed by 8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59
linux-armadaxp
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-flo
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-grouper
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-linaro-omap
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-shared
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-linaro-vexpress
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-quantal
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-lts-raring
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-saucy
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

This package is not directly supported by the Ubuntu Security Team
linux-lts-trusty
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.16.0-25.33~14.04.2])
linux-lts-vivid
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.19.0-18.18~14.04.1])
linux-maguro
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-mako
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-manta
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was ignored)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-qcm-msm
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (3.15~rc5)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
jdstrand
android kernels (flo, goldfish, grouper, maguro, mako and manta) are
not supported on the Ubuntu Touch 14.10 and earlier preview kernels
linux-lts-saucy no longer receives official support
linux-lts-quantal no longer receives official support
tyhicks
Introduced in v3.11-rc1 and fixed in v3.15-rc5
According to Red Hat, local priv escalation is possible

References

Bugs