PT-2010-4090 · Linux · Linux Kernel

Dan Rosenberg · Published 2010-09-30 · Updated 2023-02-13 · CVE-2010-2537

CVSS v2.0: 6.6 Medium

Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 2.6.35

Description

The issue allows local users to overwrite an append-only file. This can be achieved via a BTRFS_IOC_CLONE or BTRFS_IOC_CLONE_RANGE ioctl call that specifies the append-only file as a donor.

Recommendations

For versions prior to 2.6.35, update to version 2.6.35 or later to resolve the issue. As a temporary workaround, consider restricting access to the btrfs_ioctl_clone function in fs/btrfs/ioctl.c to minimize the risk of exploitation. Avoid using the BTRFS_IOC_CLONE or BTRFS_IOC_CLONE_RANGE ioctl calls with append-only files until the issue is resolved.
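
A triage sketch for the recommendation above, added here as an example and not part of the advisory: it compares a kernel release against the fixed version 2.6.35, checks whether any btrfs filesystem is mounted, and extracts append-only paths from `lsattr -R` output. The function names and sample data are constructed for illustration, and a version comparison cannot see fixes that a distribution backported into an older kernel.

```sh
#!/bin/sh
# Added triage sketch for CVE-2010-2537; function names are hypothetical.
FIXED_VERSION="2.6.35"          # first fixed release, per the advisory

# "2.6.32-5-amd64" -> "2.6.32" (drop distro/build suffixes)
base_version() {
    printf '%s\n' "$1" | sed 's/^\([0-9][0-9.]*\).*/\1/; s/\.$//'
}

# Succeeds when release $1 is older than release $2 (numeric, per field).
version_lt() {
    a=$(base_version "$1"); b=$(base_version "$2")
    if [ "$a" = "$b" ]; then return 1; fi
    first=$(printf '%s\n%s\n' "$a" "$b" |
        LC_ALL=C sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n1)
    [ "$first" = "$a" ]
}

# Mount points of btrfs filesystems in /proc/mounts-format text ($1).
btrfs_mounts() {
    printf '%s\n' "$1" | awk '$3 == "btrfs" { print $2 }'
}

# Paths carrying the append-only (a) attribute, from `lsattr -R` output on stdin.
append_only_from_lsattr() {
    awk '$1 ~ /^[-A-Za-z]+$/ && $1 ~ /a/ { sub(/^[^ ]+ +/, ""); print }'
}

# Verdict for kernel release $1 and mounts text $2.
assess() {
    if ! version_lt "$1" "$FIXED_VERSION"; then echo "not-affected"; return 0; fi
    if [ -n "$(btrfs_mounts "$2")" ]; then echo "exposed"
    else echo "affected-no-btrfs"; fi
}

# Constructed sample input (not real host data).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw 0 0
/dev/sdb1 /srv/logs btrfs rw,noatime 0 0'
assess "2.6.32-5-amd64" "$SAMPLE_MOUNTS"
```

On a live host, call `assess "$(uname -r)" "$(cat /proc/mounts)"`, then pipe `lsattr -R` for each reported btrfs mount point into `append_only_from_lsattr` to list the files whose append-only guarantee is at stake.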

Related Identifiers

CVE-2010-2537

Affected Products

Linux Kernel