ACK: [PATCH 0/5][SRU][B/C] CVE-2018-18397 - tmpfs permissions bypass
Stefan Bader
stefan.bader at canonical.com
Wed Jan 30 14:17:59 UTC 2019
On 25.01.19 03:01, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18397.html
>
> The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles
> access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing
> local users to write data into holes in a tmpfs file (if the user has
> read-only access to that file, and that file contains holes), related to
> fs/userfaultfd.c and mm/userfaultfd.c.
>
> All but one of these patches are clean cherry picks to Cosmic and Bionic. The
> one that required manual backporting was due to minor context changes due to
> upstream commit 2cf855837b89d92996cf264713f3bed2bf9b0b4f missing in those
> kernels.
>
> I've successfully regression tested these changes by running the
> tools/testing/selftests/vm/run_vmtests kernel selftests, which excercise
> userfaultfd.
>
> Tyler
>
Cherry picks (mostly) and tested.
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20190130/a71002f8/attachment.sig>
More information about the kernel-team
mailing list