Launchpad has imported 9 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=1373966.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2016-09-07T14:48:59+00:00 Adam wrote:

It was found that when gcc stack protector is turned on, proc_keys_show() can cause a panic due to stack corruption. This happens because xbuf[] is not big enough to hold a 64-bit timeout rendered as weeks.

Product bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1373499

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1634496/comments/0

------------------------------------------------------------------------
On 2016-09-07T14:49:03+00:00 Adam wrote:

Acknowledgments:

Name: Ondrej Kozina (Red Hat)

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1634496/comments/1

------------------------------------------------------------------------
On 2016-09-12T13:40:18+00:00 Vladis wrote:

Statement:

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1634496/comments/2

------------------------------------------------------------------------
On 2016-09-12T13:42:25+00:00 Vladis wrote:

Created attachment 1200212
Fix for buffer overflow in proc_keys_show

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1634496/comments/3

------------------------------------------------------------------------
On 2016-10-13T12:31:14+00:00 Vladis wrote:

cve-id CVE-2016-7042 was assigned to this flaw internally by the Red Hat. please, use it in the public communications regarding this flaw.

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1634496/comments/4

------------------------------------------------------------------------
On 2017-03-21T13:14:56+00:00 errata-xmlrpc wrote:

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2017:0817 https://rhn.redhat.com/errata/RHSA-2017-0817.html

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1634496/comments/14

------------------------------------------------------------------------
On 2017-08-01T19:09:29+00:00 errata-xmlrpc wrote:

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2077

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1634496/comments/15

------------------------------------------------------------------------
On 2017-08-02T07:48:19+00:00 errata-xmlrpc wrote:

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:1842

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1634496/comments/16

------------------------------------------------------------------------
On 2017-09-06T20:38:04+00:00 errata-xmlrpc wrote:

This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2017:2669 https://access.redhat.com/errata/RHSA-2017:2669

Reply at: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1634496/comments/17

** Changed in: linux
   Status: Unknown => Confirmed

** Changed in: linux
   Importance: Unknown => Medium

** Bug watch added: Red Hat Bugzilla #1373499
   https://bugzilla.redhat.com/show_bug.cgi?id=1373499

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-7042

https://bugs.launchpad.net/bugs/1634496

Title:
  proc_keys_show crash when reading /proc/keys

Status in Linux:
  Confirmed
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Precise:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Vivid:
  Fix Released
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Yakkety:
  Fix Released

Bug description:
  Running stress-ng /proc test trips the following crash:

  [ 5315.044206] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff8956b1ae
  [ 5315.044206]
  [ 5315.044883] CPU: 0 PID: 4820 Comm: Tainted: P OE 4.8.0-25-generic #27-Ubuntu
  [ 5315.045361] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu2 04/01/2014
  [ 5315.045911] 0000000000000086 00000000b337622b ffff8fe574f37c78 ffffffff8962f5d2
  [ 5315.046371] 00000000b3405b00 ffffffff89e83530 ffff8fe574f37d00 ffffffff8939e71c
  [ 5315.046841] ffff8fe500000010 ffff8fe574f37d10 ffff8fe574f37ca8 00000000b337622b
  [ 5315.047305] Call Trace:
  [ 5315.047457] [<ffffffff8962f5d2>] dump_stack+0x63/0x81
  [ 5315.047763] [<ffffffff8939e71c>] panic+0xe4/0x226
  [ 5315.048049] [<ffffffff8956b1ae>] ? proc_keys_show+0x3ce/0x3d0
  [ 5315.048398] [<ffffffff89282b89>] __stack_chk_fail+0x19/0x30
  [ 5315.048735] [<ffffffff8956b1ae>] proc_keys_show+0x3ce/0x3d0
  [ 5315.049072] [<ffffffff895686b0>] ? key_validate+0x50/0x50
  [ 5315.049396] [<ffffffff89565d70>] ? key_default_cmp+0x20/0x20
  [ 5315.049737] [<ffffffff89459832>] seq_read+0x102/0x3c0
  [ 5315.050042] [<ffffffff894a6302>] proc_reg_read+0x42/0x70
  [ 5315.050363] [<ffffffff89432448>] __vfs_read+0x18/0x40
  [ 5315.050674] [<ffffffff89432ba6>] vfs_read+0x96/0x130
  [ 5315.050977] [<ffffffff89434085>] SyS_read+0x55/0xc0
  [ 5315.051275] [<ffffffff89a9f076>] entry_SYSCALL_64_fastpath+0x1e/0xa8
  [ 5315.051735] Kernel Offset: 0x8200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
  [ 5315.052563] ---[ end Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff8956b1ae
  [ 5315.052563]

  "The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file."

  Fix detailed in: https://bugzilla.redhat.com/show_bug.cgi?id=1373966

  see:
  https://bugzilla.redhat.com/attachment.cgi?id=1200212&action=diff
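
The sizing problem described in the first imported comment (xbuf[] too small for a 64-bit timeout rendered as weeks), as an added C example that is not the kernel's code or the attached fix. It computes the worst-case length of such a string and formats it with a bounded call that reports truncation; format_weeks(), worst_case_weeks_len() and the 12-byte buffer size are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECS_PER_WEEK (60ULL * 60 * 24 * 7)

/*
 * Hypothetical bounded formatter: renders a timeout given in seconds as
 * "<n>w". Returns the number of bytes the complete string needs, including
 * the terminating NUL. The output is complete only if that is <= buflen;
 * otherwise snprintf() has truncated it and nothing was written past buf.
 */
static size_t format_weeks(char *buf, size_t buflen, uint64_t timo_secs)
{
    int n = snprintf(buf, buflen, "%lluw",
                     (unsigned long long)(timo_secs / SECS_PER_WEEK));
    return n < 0 ? 0 : (size_t)n + 1;
}

/* The largest 64-bit input has the most digits, so it bounds every input. */
static size_t worst_case_weeks_len(void)
{
    return format_weeks(NULL, 0, UINT64_MAX);
}

int main(void)
{
    char small[12];   /* assumed undersized buffer (illustrative size) */
    char sized[16];   /* sized from the worst case computed below */

    size_t need = worst_case_weeks_len();
    printf("worst case needs %zu bytes\n", need);

    /* An unbounded sprintf() into 'small' would write 'need' bytes into a
     * 12-byte array. The bounded call truncates and reports the shortfall. */
    size_t got = format_weeks(small, sizeof small, UINT64_MAX);
    printf("small: \"%s\" (%s, needs %zu)\n", small,
           got > sizeof small ? "truncated" : "complete", got);

    got = format_weeks(sized, sizeof sized, UINT64_MAX);
    printf("sized: \"%s\" (%s, needs %zu)\n", sized,
           got > sizeof sized ? "truncated" : "complete", got);
    return 0;
}
```

On a kernel built with the stack protector, the unbounded write is what surfaces as the `__stack_chk_fail` frame in the trace above.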

