[PATCH 0/1][SRU][X/B/C] CVE-2019-6133 - Untrustable process start_time
Tyler Hicks
tyhicks at canonical.com
Fri Jan 25 01:49:36 UTC 2019
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6133.html

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be
bypassed because fork() is not atomic, and therefore authorization decisions
are improperly cached. This is related to lack of uid checking in
polkitbackend/polkitbackendinteractiveauthority.c.

This CVE was assigned against PolicyKit but there's a more complete fix
available for the kernel and the Ubuntu Security Team asked that we include the
kernel fix.

This is a clean cherry pick to Xenial, Bionic, and Cosmic. I've attempted to
test this fix with the reproducer in the Project Zero bug report but could not
get the reproducer to work prior to applying this kernel fix. The results are
the same after applying this kernel fix (reproducer still doesn't work).

Tyler