CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.2 High
Confidence: High

CVSS2: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.02 Low
Percentile: 88.8%

The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
article.gmane.org/gmane.comp.file-systems.xfs.general/33767
article.gmane.org/gmane.comp.file-systems.xfs.general/33768
article.gmane.org/gmane.comp.file-systems.xfs.general/33769
article.gmane.org/gmane.comp.file-systems.xfs.general/33771
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1920779e67cbf5ea8afef317777c5bf2b8096188
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7124fe0a5b619d65b739477b3b55a20bf805b06d
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7b6259e7a83647948fa33a736cc832310c8d85aa
oss.sgi.com/archives/xfs/2010-06/msg00191.html
oss.sgi.com/archives/xfs/2010-06/msg00198.html
secunia.com/advisories/42758
secunia.com/advisories/43161
secunia.com/advisories/46397
support.avaya.com/css/P8/documents/100113326
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
www.openwall.com/lists/oss-security/2010/08/18/2
www.openwall.com/lists/oss-security/2010/08/19/5
www.redhat.com/support/errata/RHSA-2010-0723.html
www.securityfocus.com/archive/1/520102/100/0/threaded
www.securityfocus.com/bid/42527
www.ubuntu.com/usn/USN-1041-1
www.ubuntu.com/usn/USN-1057-1
www.vmware.com/security/advisories/VMSA-2011-0012.html
www.vupen.com/english/advisories/2011/0070
www.vupen.com/english/advisories/2011/0280
bugzilla.redhat.com/show_bug.cgi?id=624923