blob: a820e937dc5c8304eb8c16d61cc14c7ff806445b
Description: uninitialized kernel data leak in userspace coredumps
References:
https://www.openwall.com/lists/oss-security/2020/05/06/1
https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a
https://lore.kernel.org/lkml/20200419100848.63472-1-glider@google.com/
https://github.com/google/kmsan/issues/76
https://twitter.com/grsecurity/status/1252558055629299712
https://bugzilla.redhat.com/show_bug.cgi?id=1831399
Notes:
carnil> Proposed fix has been accepted in linux-next tree, as per
carnil> https://bugzilla.redhat.com/show_bug.cgi?id=1831399#c15
bwh> The leak appears to have been introduced for x86 in 4.8 by
bwh> commit 91c3dba7dbc1 "x86/fpu/xstate: Fix PTRACE frames for
bwh> XSAVES". A comparison of register sections in core dump
bwh> under different Debian kernels agrees with that, as does
bwh> @grsecurity (further down the thread). Some other
bwh> architectures are affected though.
Bugs:
upstream: released (5.7) [1d605416fb7175e1adf094251466caa52093b413]
4.19-upstream-stable: released (4.19.126) [61ce1733b30fdcf45e31308bc7795b6dc7f2ffba]
4.9-upstream-stable: released (4.9.226) [d228bc4b19e0b1c35f3eb404acbf1d607c01e64c]
3.16-upstream-stable: pending (3.16.85) [fs-binfmt_elf.c-allocate-initialized-memory-in.patch]
sid: pending (5.6.14-2) [bugfix/all/fs-binfmt_elf.c-allocate-initialized-memory-in-fill_.patch]
4.19-buster-security: released (4.19.118-2+deb10u1) [bugfix/all/fs-binfmt_elf.c-allocate-initialized-memory-in-fill_.patch]
4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/all/fs-binfmt_elf.c-allocate-initialized-memory-in-fill_.patch]
3.16-jessie-security: ignored "Does not affect supported architectures"