ACK: [D/E][SRU][CVE-2019-19252][PATCH] vcs: prevent write access to vcsu devices
Colin Ian King
colin.king at canonical.com
Tue Dec 17 16:09:10 UTC 2019
On 17/12/2019 16:04, Connor Kuehl wrote:
> From: Nicolas Pitre <nico at fluxnic.net>
>
> CVE-2019-19252
>
> Commit d21b0be246bf ("vt: introduce unicode mode for /dev/vcs") guarded
> against using devices containing attributes as this is not yet
> implemented. It however failed to guard against writes to any devices
> as this is also unimplemented.
>
> Reported-by: Or Cohen <orcohen at paloaltonetworks.com>
> Signed-off-by: Nicolas Pitre <npitre at baylibre.com>
> Cc: <stable at vger.kernel.org> # v4.19+
> Cc: Jiri Slaby <jslaby at suse.com>
> Fixes: d21b0be246bf ("vt: introduce unicode mode for /dev/vcs")
> Link: https://lore.kernel.org/r/nycvar.YSQ.7.76.1911051030580.30289@knanqh.ubzr
> Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
> (cherry picked from 0c9acb1af77a3cb8707e43f45b72c95266903cee)
> Signed-off-by: Connor Kuehl <connor.kuehl at canonical.com>
> ---
> drivers/tty/vt/vc_screen.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/tty/vt/vc_screen.c b/drivers/tty/vt/vc_screen.c
> index 2384ea85ffaf..2fb509d57e88 100644
> --- a/drivers/tty/vt/vc_screen.c
> +++ b/drivers/tty/vt/vc_screen.c
> @@ -437,6 +437,9 @@ vcs_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos)
> size_t ret;
> char *con_buf;
>
> + if (use_unicode(inode))
> + return -EOPNOTSUPP;
> +
> con_buf = (char *) __get_free_page(GFP_KERNEL);
> if (!con_buf)
> return -ENOMEM;
>
Acked-by: Colin Ian King <colin.king at canonical.com>
More information about the kernel-team
mailing list