First published: Thu Oct 25 2012(Updated: )
A race condition flaw has been found in the way asynchronous I/O and fallocate interacted which can lead to exposure of stale data -- that is, an extent which should have had the "uninitialized" bit set indicating that its blocks have not yet been written and thus contain data from a deleted file. An unprivileged local user could use this flaw to cause an information leak. Acknowledgements: Red Hat would like to thank Theodore Ts'o for reporting this issue. Upstream acknowledges Dmitry Monakhov as the original reporter. References: <a href="http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dee1f973ca341c266229faa5a1a5bb268bed3531">http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dee1f973ca341c266229faa5a1a5bb268bed3531</a>
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Linux |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of REDHAT-BUG-869904 is considered high due to the potential exposure of stale data from deleted files.
To fix REDHAT-BUG-869904, you should apply the latest patches or updates provided by Red Hat for your Linux Kernel.
REDHAT-BUG-869904 affects the Red Hat Linux Kernel and can lead to data integrity issues.
REDHAT-BUG-869904 is not a common vulnerability but it poses significant risks in specific scenarios involving asynchronous I/O operations.
Any users or systems running the affected versions of the Red Hat Linux Kernel are impacted by REDHAT-BUG-869904.