The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel prior to 2.6.35 allows local users to overwrite an append-only file via a (1) BTRFS_IOC_CLONE or (2) BTRFS_IOC_CLONE_RANGE ioctl call that specifies this file as a donor.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
||
canonical ubuntu linux 10.10 |
||
canonical ubuntu linux 9.10 |
||
canonical ubuntu linux 10.04 |
||
suse suse linux enterprise server 11 |
||
suse suse linux enterprise desktop 11 |
||
suse linux enterprise high availability extension 11 |