CVE-2010-2226 Information

Description

The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file.

Reference

http://archives.free.net.ph/message/20100616.130710.301704aa.en.html
http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1817176a86352f65210139d4c794ad2d19fc6b63
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://marc.info/?l=oss-security&m=127677135609357&w=2
http://marc.info/?l=oss-security&m=127687486331790&w=2
http://secunia.com/advisories/43315
http://www.debian.org/security/2010/dsa-2094
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
http://www.redhat.com/support/errata/RHSA-2010-0610.html
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/bid/40920
http://www.ubuntu.com/usn/USN-1000-1
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vupen.com/english/advisories/2011/0298
https://bugzilla.redhat.com/show_bug.cgi?id=605158
