Hi,

On Friday, we got a report CC'ed to s@k.o and linux-distros (which is a
misuse of linux-distros per the currently published instructions, don't
do that) of what turned out to be not a security issue and already
public.  I am posting about it in here not to make an exception that
we'd need to explain anyway.  Just for consistency and transparency.

The corresponding public report from March is:

https://lore.kernel.org/all/CAK55_s7Xyq=nh97=K=g1sxueofrjdavpojal4tptcayvmxo...@mail.gmail.com/

---
BUG: KASAN: stack-out-of-bounds in profile_pc+0x120/0x130
arch/x86/kernel/time.c:42
Read of size 8 at addr ffff888108567cc8 by task syz-executor308/360

CPU: 0 PID: 360 Comm: syz-executor308 Not tainted 6.1.82 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x4d/0x66 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:284 [inline]
 print_report+0x16c/0x4a3 mm/kasan/report.c:395
 kasan_report+0xb3/0x130 mm/kasan/report.c:495
 profile_pc+0x120/0x130 arch/x86/kernel/time.c:42
---

As Vegard Nossum pointed out:

> Writing to /sys/kernel/profiling requires root, so AFAICT this is only a
> security issue for lockdown in the worst case.

and then it's just a harmless out of bounds read that is only detected
in KASan builds.

Nevertheless, Linus promptly fixed the issue by dropping this code in:

   093d9603b600 ("x86: stop playing stack games in profile_pc()")

Alexander
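Triaging a KASAN splat like the one quoted above is mostly a matter of pulling a few fields out of a fixed text layout: bug class, access kind and size, the task that triggered it, the kernel version, and the first call-trace frame that is not the sanitizer's own reporting machinery. The following parser is an added example and is not part of Alexander's message or of any kernel tooling; it embeds the report quoted above (with the two lines the mail client wrapped rejoined) and the set of "instrumentation" function prefixes it skips is an assumption based on the frames visible in that report.

```python
import re

# The KASAN splat quoted in the message above, with the two lines that the
# mail client wrapped ("BUG: ..." and "Hardware name: ...") rejoined.
KASAN_REPORT = """\
BUG: KASAN: stack-out-of-bounds in profile_pc+0x120/0x130 arch/x86/kernel/time.c:42
Read of size 8 at addr ffff888108567cc8 by task syz-executor308/360

CPU: 0 PID: 360 Comm: syz-executor308 Not tainted 6.1.82 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x4d/0x66 lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:284 [inline]
 print_report+0x16c/0x4a3 mm/kasan/report.c:395
 kasan_report+0xb3/0x130 mm/kasan/report.c:495
 profile_pc+0x120/0x130 arch/x86/kernel/time.c:42
"""

BUG_RE = re.compile(
    r"^BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+"
    r"(?: (?P<loc>\S+:\d+))?$"
)
ACCESS_RE = re.compile(
    r"^(?P<kind>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)"
    r" by task (?P<task>\S+)/(?P<pid>\d+)$"
)
CPU_RE = re.compile(
    r"^CPU: \d+ PID: \d+ Comm: \S+ (?P<taint>Not tainted|Tainted: \S+) (?P<version>\S+)"
)
FRAME_RE = re.compile(
    r"^ (?P<func>\w+)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)? (?P<loc>\S+:\d+)(?P<inline> \[inline\])?$"
)

# Assumed list of frames that belong to the sanitizer / stack-dump plumbing;
# the first frame after these is where the bad access actually happened.
INSTRUMENTATION_PREFIXES = ("__dump_stack", "dump_stack", "print_address_description",
                            "print_report", "kasan_report", "__kasan_", "__asan_")


def parse_kasan_report(text):
    """Turn a KASAN splat into a dict: bug type, access, task, kernel, frames."""
    report = {"frames": []}
    in_trace = False
    for line in text.splitlines():
        if in_trace:
            # Inside "Call Trace:": keep only lines that look like frames
            # (markers such as "<IRQ>" are skipped).
            m = FRAME_RE.match(line)
            if m:
                report["frames"].append({
                    "func": m.group("func"),
                    "loc": m.group("loc"),
                    "inline": m.group("inline") is not None,
                })
            continue
        m = BUG_RE.match(line)
        if m:
            report["bug"] = m.group("bug")
            report["func"] = m.group("func")
            report["loc"] = m.group("loc")
            continue
        m = ACCESS_RE.match(line)
        if m:
            report["access"] = m.group("kind").lower()
            report["size"] = int(m.group("size"))
            report["addr"] = int(m.group("addr"), 16)
            report["task"] = m.group("task")
            report["pid"] = int(m.group("pid"))
            continue
        m = CPU_RE.match(line)
        if m:
            report["tainted"] = m.group("taint") != "Not tainted"
            report["kernel"] = m.group("version")
            continue
        if line.startswith("Call Trace:"):
            in_trace = True
    return report


def faulting_frame(report):
    """First call-trace frame that is not sanitizer/stack-dump plumbing."""
    for frame in report["frames"]:
        if not frame["func"].startswith(INSTRUMENTATION_PREFIXES):
            return frame
    return None


def summarize(report):
    """One-line triage summary: bug class, access, fault site, kernel, task."""
    frame = faulting_frame(report) or {"func": report.get("func"), "loc": report.get("loc")}
    return (f"{report['bug']}: {report['access']} of {report['size']} bytes in "
            f"{frame['func']} ({frame['loc']}) on {report['kernel']} "
            f"by {report['task']}/{report['pid']}")


if __name__ == "__main__":
    print(summarize(parse_kasan_report(KASAN_REPORT)))
```

Run stand-alone it prints a single line naming profile_pc at arch/x86/kernel/time.c:42 as the fault site of an 8-byte read; the access kind is the field worth keying on first, since a stack-out-of-bounds read that only KASAN notices is a very different report from a write.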
