APPLIED: [SRU][T][PATCH 0/1] CVE-2017-18344 - Incorrect POSIX timer validation

Stefan Bader stefan.bader at canonical.com
Thu Aug 16 09:00:13 UTC 2018


On 03.08.2018 23:25, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18344.html
> 
>  The timer_create syscall implementation in kernel/time/posix-timers.c in
>  the Linux kernel before 4.14.8 doesn't properly validate the
>  sigevent->sigev_notify field, which leads to out-of-bounds access in the
>  show_timer function (called when /proc/$PID/timers is read). This allows
>  userspace applications to read arbitrary kernel memory (on a kernel built
>  with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
> 
> This is backported from upstream and tested with a PoC that I wrote. Xenial has
> already picked up this fix via linux-stable. Bionic released with this fix.
> 
> Tyler
> 
This was actually already released as part of the 2018.08.14 security release.

-Stefan
