Unrated severityNVD Advisory· Published Oct 3, 2012· Updated Apr 29, 2026

CVE-2011-1833


Description

Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in the eCryptfs subsystem in the Linux kernel before 3.1 allows local users to bypass intended file permissions via a mount.ecryptfs_private mount with a mismatched uid.

Affected products

51
  • Linux/Kernel51 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 50 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <=3.0.44
    • cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*

Patches

1
764355487ea2

Ecryptfs: Add mount option to check uid of device being mounted = expect uid

https://github.com/torvalds/linuxJohn JohansenJul 22, 2011via nvd-ref
1 file changed · +21 2
  • fs/ecryptfs/main.c+21 2 modified
    @@ -175,6 +175,7 @@ enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
            ecryptfs_opt_encrypted_view, ecryptfs_opt_fnek_sig,
            ecryptfs_opt_fn_cipher, ecryptfs_opt_fn_cipher_key_bytes,
            ecryptfs_opt_unlink_sigs, ecryptfs_opt_mount_auth_tok_only,
    +       ecryptfs_opt_check_dev_ruid,
            ecryptfs_opt_err };
     
     static const match_table_t tokens = {
    @@ -191,6 +192,7 @@ static const match_table_t tokens = {
     	{ecryptfs_opt_fn_cipher_key_bytes, "ecryptfs_fn_key_bytes=%u"},
     	{ecryptfs_opt_unlink_sigs, "ecryptfs_unlink_sigs"},
     	{ecryptfs_opt_mount_auth_tok_only, "ecryptfs_mount_auth_tok_only"},
    +	{ecryptfs_opt_check_dev_ruid, "ecryptfs_check_dev_ruid"},
     	{ecryptfs_opt_err, NULL}
     };
     
    @@ -236,6 +238,7 @@ static void ecryptfs_init_mount_crypt_stat(
      * ecryptfs_parse_options
      * @sb: The ecryptfs super block
      * @options: The options passed to the kernel
    + * @check_ruid: set to 1 if device uid should be checked against the ruid
      *
      * Parse mount options:
      * debug=N 	   - ecryptfs_verbosity level for debug output
    @@ -251,7 +254,8 @@ static void ecryptfs_init_mount_crypt_stat(
      *
      * Returns zero on success; non-zero on error
      */
    -static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options)
    +static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
    +				  uid_t *check_ruid)
     {
     	char *p;
     	int rc = 0;
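Review bot: The new out-parameter is declared `uid_t *check_ruid`, but it only ever carries 0 or 1 (per the added `@check_ruid` kernel-doc line and the `*check_ruid = 1` assignment in the option switch), so the type reads as a user id when it is really a flag. Declaring it `bool *check_ruid` here, and the matching local in ecryptfs_mount as `bool check_ruid;` (the hunk at -475), would make it harder for a later change to mistake it for the uid to compare against. The body of ecryptfs_parse_options continues outside this hunk.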
    @@ -276,6 +280,8 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options)
     	char *cipher_key_bytes_src;
     	char *fn_cipher_key_bytes_src;
     
    +	*check_ruid = 0;
    +
     	if (!options) {
     		rc = -EINVAL;
     		goto out;
    @@ -380,6 +386,9 @@ static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options)
     			mount_crypt_stat->flags |=
     				ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY;
     			break;
    +		case ecryptfs_opt_check_dev_ruid:
    +			*check_ruid = 1;
    +			break;
     		case ecryptfs_opt_err:
     		default:
     			printk(KERN_WARNING
    @@ -475,6 +484,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
     	const char *err = "Getting sb failed";
     	struct inode *inode;
     	struct path path;
    +	uid_t check_ruid;
     	int rc;
     
     	sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL);
    @@ -483,7 +493,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
     		goto out;
     	}
     
    -	rc = ecryptfs_parse_options(sbi, raw_data);
    +	rc = ecryptfs_parse_options(sbi, raw_data, &check_ruid);
     	if (rc) {
     		err = "Error parsing options";
     		goto out;
    @@ -521,6 +531,15 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
     			"known incompatibilities\n");
     		goto out_free;
     	}
    +
    +	if (check_ruid && path.dentry->d_inode->i_uid != current_uid()) {
    +		rc = -EPERM;
    +		printk(KERN_ERR "Mount of device (uid: %d) not owned by "
    +		       "requested user (uid: %d)\n",
    +		       path.dentry->d_inode->i_uid, current_uid());
    +		goto out_free;
    +	}
    +
     	ecryptfs_set_superblock_lower(s, path.dentry->d_sb);
     	s->s_maxbytes = path.dentry->d_sb->s_maxbytes;
     	s->s_blocksize = path.dentry->d_sb->s_blocksize;
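Review bot: The ownership test in ecryptfs_mount runs only when `check_ruid` is set, so the protection depends on the mount helper passing `ecryptfs_check_dev_ruid`; a mount that omits the option is handled exactly as before. A comment above the check would make that dependency visible, e.g. `/* Opt-in: enforced only when ecryptfs_check_dev_ruid is passed; unprivileged mount helpers such as mount.ecryptfs_private must always pass it. */`. The comparison is made on the same `path.dentry` that is then handed to `ecryptfs_set_superblock_lower()`, which appears to be what removes the window between a userspace ownership check and the mount. Separately, the printk formats two `uid_t` values with `%d`; `%u` matches the unsigned type. ecryptfs_mount starts and ends outside this hunk.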
    


References

5
