QwikSec

Security Database

CVE

CWE

Training

CVE-2011-0463

Published: Apr 10, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_UBUNTU

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=272b62c1f0f6f742046e45b50b6fec98860208a0

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.novell.com/show_bug.cgi?id=673037

x_refsource_CONFIRM

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc1

x_refsource_CONFIRM

[ocfs2-devel] 20110217 [PATCH] Treat writes as new when holes span across page boundaries

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.