Description
A race condition was found in the way asynchronous I/O and fallocate()
interacted when using the ext4 file system. A local, unprivileged user
could use this flaw to expose random data from an extent whose data blocks
have not yet been written, and thus contain data from a deleted file.
(CVE-2012-4508, Important)
* An information leak flaw was found in the way Linux kernel's device
mapper subsystem, under certain conditions, interpreted data written to
snapshot block devices. An attacker could use this flaw to read data from
disk blocks in free space, which are normally inaccessible. (CVE-2013-4299,
Moderate)