Re: [lfs-book] [LFS Trac] #4723: linux-5.8.8

Fri, 11 Sep 2020 11:33:10 -0700 

#4723: linux-5.8.8
--------------------+-----------------------
 Reporter:  bdubbs  |       Owner:  lfs-book
     Type:  task    |      Status:  new
 Priority:  high    |   Milestone:  10.1
Component:  Book    |     Version:  SVN
 Severity:  normal  |  Resolution:
 Keywords:          |
--------------------+-----------------------
Changes (by renodr):

 * priority:  normal => high


Comment:

 This has a security fix in it

 {{{
 Date: Tue, 8 Sep 2020 08:33:00 -0700
 From: Andy Lutomirski <[email protected]>
 To: oss security list <[email protected]>
 Subject: CVE Request: Linux kernel vsyscall page refcounting error

 Linux 5.7 and 5.8 have a bug in the reference counting of the struct
 page that backs the vsyscall page.  The result is a refcount
 underflow.  This can be triggered by any 64-bit process that is
 permitted to use ptrace() or process_vm_readv().  A creative attacker
 can probably achieve kernel code escalation by using this bug.

 You can prevent the issue from triggering by booting with
 vsyscall=xonly or vsyscall=none.  You can also effectively hotpatch a
 kernel with suitable hardening options by running the updated test
 case noted below -- the test case will underflow the refcount past
 zero, preventing further use of the page.  (A real attacker would
 carefully underflow it exactly to zero but not past.)  Or you can fix
 your kernel.

 (No one should be using vsyscall=emulate any more unless they have a
 very specific use case that requires it.  vsyscall=xonly is better in
 almost all cases.  For some reason, Fedora still seems to be using
 emulate mode, though.)

 Fixed by:

 commit 9fa2dd946743ae6f30dc4830da19147bf100a7f2
 Author: Dave Hansen <[email protected]>
 Date:   Thu Sep 3 13:40:28 2020 -0700

     mm: fix pin vs. gup mismatch with gate pages

 and tested a little better by:

 commit 8891adc61dce2a8a41fc0c23262b681c3ec4b73a
 Author: Andy Lutomirski <[email protected]>
 Date:   Thu Sep 3 13:40:30 2020 -0700

     selftests/x86/test_vsyscall: Improve the process_vm_readv() test
 }}}

--
Ticket URL: <http://wiki.linuxfromscratch.org/lfs/ticket/4723#comment:3>
LFS Trac <http://wiki.linuxfromscratch.org/lfs/>
Linux From Scratch: Your Distro, Your Rules.
-- 
http://lists.linuxfromscratch.org/listinfo/lfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to