blob: 36c3543ccacdd4013d7b4a4d83938dd16d1488e1 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
Description: tty: Race condition leads to heap buffer over-read
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2078466
https://www.openwall.com/lists/oss-security/2022/05/27/2
https://lore.kernel.org/all/20220601183426.GD2168@kadam/
https://bugzilla.suse.com/show_bug.cgi?id=1198829
Notes:
carnil> As of 2022-05-26 not much details provided in RH bugzilla:
carnil> descriptions reads as An out-of-bounds read flaw was found in
carnil> the Linux kernel’s TeleTYpe subsystem. The issue occurs in
carnil> how a user triggers a race condition using ioctls TIOCSPTLCK
carnil> and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory
carnil> in the flush_to_ldisc function. This flaw allows a local user
carnil> to crash the system or read unauthorized random data from
carnil> memory.
carnil> Issue introduced by 71a174b39f10 ("pty: do tty_flip_buffer_push
carnil> without port->lock in pty_write") in 5.10-rc1.
bwh> All branches affected because this was introduced by a fix that
bwh> was also backported to stable.
Bugs:
upstream: released (5.19-rc7) [a501ab75e7624d133a5a3c7ec010687c8b961d23]
5.10-upstream-stable: released (5.10.134) [08afa87f58d83dfe040572ed591b47e8cb9e225c]
4.19-upstream-stable: released (4.19.254) [eb059bf8c237fe41fbaed4a6cccacce687b83222]
4.9-upstream-stable: released (4.9.325) [41ce14090db93fc2f0c8a27ce8a324b0192da7b5]
sid: released (5.18.14-1)
5.10-bullseye-security: released (5.10.136-1)
4.19-buster-security: released (4.19.260-1)
4.9-stretch-security: ignored "EOL"
|
