Message ID | 1548381686-8117-1-git-send-email-tyhicks@canonical.com |
---|---|
Series | CVE-2018-18397 - tmpfs permissions bypass |

On 25.01.19 03:01, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18397.html
>
> The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles
> access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing
> local users to write data into holes in a tmpfs file (if the user has
> read-only access to that file, and that file contains holes), related to
> fs/userfaultfd.c and mm/userfaultfd.c.
>
> All but one of these patches are clean cherry picks to Cosmic and Bionic. The
> one that required manual backporting was due to minor context changes due to
> upstream commit 2cf855837b89d92996cf264713f3bed2bf9b0b4f missing in those
> kernels.
>
> I've successfully regression tested these changes by running the
> tools/testing/selftests/vm/run_vmtests kernel selftests, which exercise
> userfaultfd.
>
> Tyler
>

Cherry picks (mostly) and tested.

Acked-by: Stefan Bader <stefan.bader@canonical.com>

On 1/25/19 3:01 AM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18397.html
>
> The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles
> access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing
> local users to write data into holes in a tmpfs file (if the user has
> read-only access to that file, and that file contains holes), related to
> fs/userfaultfd.c and mm/userfaultfd.c.
>
> All but one of these patches are clean cherry picks to Cosmic and Bionic. The
> one that required manual backporting was due to minor context changes due to
> upstream commit 2cf855837b89d92996cf264713f3bed2bf9b0b4f missing in those
> kernels.
>
> I've successfully regression tested these changes by running the
> tools/testing/selftests/vm/run_vmtests kernel selftests, which exercise
> userfaultfd.
>
> Tyler
>

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

On 2019-01-25 02:01:21, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18397.html
>
> The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles
> access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing
> local users to write data into holes in a tmpfs file (if the user has
> read-only access to that file, and that file contains holes), related to
> fs/userfaultfd.c and mm/userfaultfd.c.
>
> All but one of these patches are clean cherry picks to Cosmic and Bionic. The
> one that required manual backporting was due to minor context changes due to
> upstream commit 2cf855837b89d92996cf264713f3bed2bf9b0b4f missing in those
> kernels.
>
> I've successfully regression tested these changes by running the
> tools/testing/selftests/vm/run_vmtests kernel selftests, which exercise
> userfaultfd.
>
> Tyler
>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team