path: root/retired/CVE-2018-14634
blob: 82c3b977396df8e2fad5429677788d0fbd6336b9
Description: Integer overflow in Linux's create_elf_tables()
References:
 https://www.openwall.com/lists/oss-security/2018/09/25/4
Notes:
 carnil> Kernels with commit b6a2fea39318 ("mm: variable length argument
 carnil> support"), but without commit da029c11e6b1 ("exec: Limit arg
 carnil> stack to at most 75% of _STK_LIM") are exploitable.
 carnil> For sid branch fixed in 4.12.6, as the fix landed in 4.12.3
Bugs:
upstream: released (4.13-rc1) [da029c11e6b12f321f36dac8771e833b65cec962]
4.9-upstream-stable: released (4.9.39) [f31c4f65dd09319ba21cf825fa36daf0c1ddf958]
3.16-upstream-stable: released (3.16.59) [exec-limit-arg-stack-to-at-most-75-of-_stk_lim.patch]
sid: released (4.12.6-1)
4.9-stretch-security: released (4.9.47-1)
3.16-jessie-security: released (3.16.59-1)
