CVE-2015-8374
kernel: Information leak when truncating of compressed/inlined extents on BTRFS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
fs/btrfs/inode.c en el kernel de Linux en versiones anteriores a 4.3.3 no maneja correctamente extensiones en línea comprimidas, lo que permite a usuarios locales obtener información sensible previa al truncamiento desde un archivo a través de una acción clone.
An information-leak vulnerability was found in the kernel when it truncated a file to a smaller size which consisted of an inline extent that was compressed. The data between the new file size and the old file size was not discarded and the number of bytes used by the inode were not correctly decremented, which gave the wrong report for callers of the stat(2) syscall. This wasted metadata space and allowed for the truncated data to be leaked, and data corruption or loss to occur. A caller of the clone ioctl could exploit this flaw by using only standard file-system operations without root access to read the truncated data.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-11-27 CVE Reserved
- 2015-12-18 CVE Published
- 2023-07-12 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (22)
URL | Tag | Source |
---|---|---|
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3 | X_refsource_confirm | |
http://www.openwall.com/lists/oss-security/2015/11/27/2 | Mailing List | |
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html | X_refsource_confirm | |
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/78219 | Vdb Entry | |
http://www.securitytracker.com/id/1034895 | Vdb Entry | |
https://github.com/torvalds/linux/commit/0305cd5f7fca85dae392b9ba85b116896eb7c1c7 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7 | 2018-01-05 | |
http://rhn.redhat.com/errata/RHSA-2016-2574.html | 2018-01-05 | |
http://rhn.redhat.com/errata/RHSA-2016-2584.html | 2018-01-05 | |
http://www.debian.org/security/2015/dsa-3426 | 2018-01-05 | |
http://www.ubuntu.com/usn/USN-2886-1 | 2018-01-05 | |
http://www.ubuntu.com/usn/USN-2887-1 | 2018-01-05 | |
http://www.ubuntu.com/usn/USN-2887-2 | 2018-01-05 | |
http://www.ubuntu.com/usn/USN-2888-1 | 2018-01-05 | |
http://www.ubuntu.com/usn/USN-2889-1 | 2018-01-05 | |
http://www.ubuntu.com/usn/USN-2889-2 | 2018-01-05 | |
http://www.ubuntu.com/usn/USN-2890-1 | 2018-01-05 | |
http://www.ubuntu.com/usn/USN-2890-2 | 2018-01-05 | |
http://www.ubuntu.com/usn/USN-2890-3 | 2018-01-05 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1286261 | 2016-11-03 | |
https://access.redhat.com/security/cve/CVE-2015-8374 | 2016-11-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.3.2 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.3.2" | - |
Affected
|