APPLIED: [SRU][Xenial][CVE-2019-2054] Prevent ptrace from following stale syscall
Kleber Souza
kleber.souza at canonical.com
Mon Jul 1 09:02:44 UTC 2019
On 6/4/19 12:22 AM, Connor Kuehl wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2054.html
>
> CVE description from above URL: In the seccomp implementation prior to kernel
> version 4.8, there is a possible seccomp bypass due to seccomp policies that
> allow the use of ptrace. This could lead to local escalation of privilege
> with no additional execution privileges needed. User interaction is not needed
> for exploitation.
>
> Clean cherry pick. No manual adjustments required.
>
> Kees Cook (1):
>   arm/ptrace: run seccomp after ptrace
>
>  arch/arm/kernel/ptrace.c | 11 ++++++-----
>  1 file changed, 6 insertions(+), 5 deletions(-)
>
Applied to xenial/master-next branch.
Thanks,
Kleber