Question regarding CVE-2013-4299

Solution Unverified - Updated -

Issue

  • Is there a impact of CVE-2013-4299, in the environment where LVM snapshots are not being used ? This is because, CVE mentions
A flaw was found in the way Linux kernel's device-mapper subsystem, under certain
conditions, interpreted data written to snapshot block devices.
Snapshots are constructed from a single "cow" (copy-on-write) device that contains a
mixture of data and metadata, and the bug involves a user writing
a data block that is later incorrectly interpreted as metadata controlling how blocks are mapped.

An attacker could construct a mapping to read data from disk blocks in 'free space' that
is normally inaccessible.

Environment

  • Red Hat Enterprise Linux 6.4
  • LVM

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content