Re: [stable] [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Greg KH <greg@...>

Cc: Oliver Pinter <oliver.pntr@...>, Bastian Blank <bastian@...>, Niki Denev <ndenev@...>, Willy Tarreau <w@...>, <linux-kernel@...>, <jens.axboe@...>, <stable@...>

Subject: Re: [stable] [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit

Date: Sunday, February 10, 2008 - 1:11 pm

On Feb 10, 2008 7:05 PM, Greg KH <greg@kroah.com> wrote:
quoted text> No, this is a different CVE, as it is a different problem from the
> original 09 and 10 report.
>
> It has been given CVE-2008-0600 to address this issue (09 and 10 only
> affect .23 and .24 kernels, and have been fixed.)
>
> > +             if(!access_ok(VERIFY_READ, base, len)) {
> > +                     error = -EFAULT;
> > +                     break;
> > +             }
>
> Hm, perhaps we should just properly check the len field instead?  That's
> what is being overflowed here...

Sorry, I forgot to cc you on this one:

http://lkml.org/lkml/2008/2/10/153

I don't see where the current code is checking that base is
accessible. We just check that we can copy the struct iovecs, right?

                        Pekka
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

kernel 2.6.24.1 still vulnerable to the vmsplice local root ..., Niki Denev, (Sun Feb 10, 2:04 am)

Re: kernel 2.6.24.1 still vulnerable to the vmsplice local r..., Willy Tarreau, (Sun Feb 10, 2:32 am)

Re: kernel 2.6.24.1 still vulnerable to the vmsplice local r..., Niki Denev, (Sun Feb 10, 2:38 am)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice..., Niki Denev, (Sun Feb 10, 5:40 am)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice..., Bastian Blank, (Sun Feb 10, 8:22 am)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice..., Niki Denev, (Sun Feb 10, 9:48 am)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice..., Niki Denev, (Sun Feb 10, 8:39 am)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice..., Bastian Blank, (Sun Feb 10, 8:47 am)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice..., Oliver Pinter, (Sun Feb 10, 9:02 am)

Re: [stable] [PATCH] kernel 2.6.24.1 still vulnerable to the..., Greg KH, (Sun Feb 10, 1:05 pm)

Re: [stable] [PATCH] kernel 2.6.24.1 still vulnerable to the..., Oliver Pinter, (Sun Feb 10, 1:48 pm)

Re: [stable] [PATCH] kernel 2.6.24.1 still vulnerable to the..., Oliver Pinter, (Sun Feb 10, 1:44 pm)

Re: [stable] [PATCH] kernel 2.6.24.1 still vulnerable to the..., Pekka Enberg, (Sun Feb 10, 1:11 pm)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice..., Niki Denev, (Sun Feb 10, 8:54 am)

Re: [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice..., Oliver Pinter, (Sun Feb 10, 8:04 am)


linux-kernel:
Andreas Gruenbacher	Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
Alan Cox	Re: [patch 7/8] fdmap v2 - implement sys_socket2
Jens Axboe	Re: regression: CD burning (k3b) went broke
Paul E. McKenney	Re: [PATCH 0/24] make atomic_read() behave consistently across all architectures
git:

linux-netdev:
KOSAKI Motohiro	[bug?] tg3: Failed to load firmware "tigon/tg3_tso.bin"
David Miller	[GIT]: Networking
Alexey Dobriyan	[PATCH 09/33] netns ct: per-netns /proc/net/nf_conntrack, /proc/net/stat/nf_conntr...
Gerrit Renker	[PATCH 18/37] dccp: Support for Mandatory options
openbsd-misc:

Re: [stable] [PATCH] kernel 2.6.24.1 still vulnerable to the vmsplice local root exploit

Online users