Question regarding CVE-2013-4299
Issue
- Is there a impact of CVE-2013-4299, in the environment where LVM snapshots are not being used ? This is because, CVE mentions
A flaw was found in the way Linux kernel's device-mapper subsystem, under certain
conditions, interpreted data written to snapshot block devices.
Snapshots are constructed from a single "cow" (copy-on-write) device that contains a
mixture of data and metadata, and the bug involves a user writing
a data block that is later incorrectly interpreted as metadata controlling how blocks are mapped.
An attacker could construct a mapping to read data from disk blocks in 'free space' that
is normally inaccessible.
Environment
- Red Hat Enterprise Linux 6.4
- LVM
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.