Bug 742027 (CVE-2012-0055) - VUL-0: CVE-2012-0055: kernel: overlayfs: missing inode security checks
Summary: VUL-0: CVE-2012-0055: kernel: overlayfs: missing inode security checks
Status: RESOLVED INVALID
Alias: CVE-2012-0055
Product: SUSE Security Incidents
Classification: Novell Products
Component: General (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: E-mail List
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-01-18 08:05 UTC by Sebastian Krahmer
Modified: 2017-04-04 17:47 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2012-01-18 08:05:39 UTC 
From: Marc Deslauriers
To: coley
Cc: oss-security
Date: Tue, 17 Jan 2012 12:55:07 -0500


Could we please get a CVE assigned to the following issue:

overlayfs, as used in the Ubuntu kernel, doesn't perform required inode
security checks, bypassing intended security restrictions.

Bug:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/915941

Upstream source:
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git

Thanks,

Marc.
Comment 1 Sebastian Krahmer 2012-01-18 08:06:06 UTC 
CVE-2012-0055
Comment 2 Michal Hocko 2012-01-18 10:27:55 UTC 
Doesn't affect any of SLES*-TD branches
Comment 3 Swamp Workflow Management 2012-01-20 23:00:22 UTC 
bugbot adjusting priority
Comment 4 Marcus Meissner 2012-01-24 14:01:47 UTC 
we do not include overlayfs, it seems to be a Ubuntu local addition.