[PATCH 0/1][SRU][X/B/C] CVE-2019-6133 - Untrustable process start_time

Tyler Hicks tyhicks at canonical.com
Fri Jan 25 01:49:36 UTC 2019


https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6133.html

 In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be
 bypassed because fork() is not atomic, and therefore authorization decisions
 are improperly cached. This is related to lack of uid checking in
 polkitbackend/polkitbackendinteractiveauthority.c.

This CVE was assigned against PolicyKit but there's a more complete fix
available for the kernel and the Ubuntu Security Team asked that we include the
kernel fix.

This is a clean cherry pick to Xenial, Bionic, and Cosmic. I've attempted to
test this fix with the reproducer in the Project Zero bug report but could not
get the reproducer to work prior to applying this kernel fix. The results are
the same after applying this kernel fix (reproducer still doesn't work).

Tyler


