CVE ID:	CVE-2010-2943
Description:	The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2943 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console http://www.securityfocus.com/archive/1/520102/100/0/threaded 42527 http://www.securityfocus.com/bid/42527 42758 http://secunia.com/advisories/42758 43161 http://secunia.com/advisories/43161 46397 http://secunia.com/advisories/46397 ADV-2011-0070 http://www.vupen.com/english/advisories/2011/0070 ADV-2011-0280 http://www.vupen.com/english/advisories/2011/0280 RHSA-2010:0723 http://www.redhat.com/support/errata/RHSA-2010-0723.html USN-1041-1 http://www.ubuntu.com/usn/USN-1041-1 USN-1057-1 http://www.ubuntu.com/usn/USN-1057-1 [linux-xfs] 20100620 [PATCH 0/4, V2] xfs: validate inode numbers in file handles correctly http://article.gmane.org/gmane.comp.file-systems.xfs.general/33767 [linux-xfs] 20100620 [PATCH 2/4] xfs: validate untrusted inode numbers during lookup http://article.gmane.org/gmane.comp.file-systems.xfs.general/33771 [linux-xfs] 20100620 [PATCH 3/4] xfs: rename XFS_IGET_BULKSTAT to XFS_IGET_UNTRUSTED http://article.gmane.org/gmane.comp.file-systems.xfs.general/33768 [linux-xfs] 20100620 [PATCH 4/4] xfs: remove block number from inode lookup code http://article.gmane.org/gmane.comp.file-systems.xfs.general/33769 [oss-security] 20100818 CVE request - kernel: xfs: stale data exposure http://www.openwall.com/lists/oss-security/2010/08/18/2 [oss-security] 20100819 Re: CVE request - kernel: xfs: stale data exposure http://www.openwall.com/lists/oss-security/2010/08/19/5 [xfs] 20100617 [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2 http://oss.sgi.com/archives/xfs/2010-06/msg00191.html [xfs] 20100618 Re: [PATCH] xfsqa: test open_by_handle() on unlinked and freed inode clusters V2 http://oss.sgi.com/archives/xfs/2010-06/msg00198.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa http://support.avaya.com/css/P8/documents/100113326 http://support.avaya.com/css/P8/documents/100113326 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 http://www.vmware.com/security/advisories/VMSA-2011-0012.html http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/show_bug.cgi?id=624923 https://bugzilla.redhat.com/show_bug.cgi?id=624923