ACK: [PATCH 0/5][SRU][B/C] CVE-2018-18397 - tmpfs permissions bypass
Kleber Souza
kleber.souza at canonical.com
Fri Feb 1 17:54:28 UTC 2019
On 1/25/19 3:01 AM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18397.html
>
> The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles
> access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing
> local users to write data into holes in a tmpfs file (if the user has
> read-only access to that file, and that file contains holes), related to
> fs/userfaultfd.c and mm/userfaultfd.c.
>
> All but one of these patches are clean cherry picks to Cosmic and Bionic. The
> one that required manual backporting was due to minor context changes due to
> upstream commit 2cf855837b89d92996cf264713f3bed2bf9b0b4f missing in those
> kernels.
>
> I've successfully regression tested these changes by running the
> tools/testing/selftests/vm/run_vmtests kernel selftests, which excercise
> userfaultfd.
>
> Tyler
>
Acked-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
More information about the kernel-team
mailing list