APPLIED: [PATCH 0/5][SRU][B/C] CVE-2018-18397 - tmpfs permissions bypass
Khaled Elmously
khalid.elmously at canonical.com
Mon Feb 4 05:50:37 UTC 2019
On 2019-01-25 02:01:21 , Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18397.html
>
> The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles
> access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing
> local users to write data into holes in a tmpfs file (if the user has
> read-only access to that file, and that file contains holes), related to
> fs/userfaultfd.c and mm/userfaultfd.c.
>
> All but one of these patches are clean cherry picks to Cosmic and Bionic. The
> one that required manual backporting was due to minor context changes due to
> upstream commit 2cf855837b89d92996cf264713f3bed2bf9b0b4f missing in those
> kernels.
>
> I've successfully regression tested these changes by running the
> tools/testing/selftests/vm/run_vmtests kernel selftests, which excercise
> userfaultfd.
>
> Tyler
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list