APPLIED: [SRU][Xenial][CVE-2019-2054] Prevent ptrace from following stale syscall

Connor Kuehl connor.kuehl at canonical.com
Fri Jul 5 20:38:37 UTC 2019


On 7/1/19 2:02 AM, Kleber Souza wrote:
> On 6/4/19 12:22 AM, Connor Kuehl wrote:
>> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2054.html
>>
>> CVE description from above URL: In the seccomp implementation prior to kernel 
>> version 4.8, there is a possible seccomp bypass due to seccomp policies that
>> allow the use of ptrace. This could lead to local escalation of privilege 
>> with no additional execution privileges needed. User interaction is not needed
>> for exploitation.
>>
>> Clean cherry pick. No manual adjustments required.
>>
>> Kees Cook (1):
>>   arm/ptrace: run seccomp after ptrace
>>
>>  arch/arm/kernel/ptrace.c | 11 ++++++-----
>>  1 file changed, 6 insertions(+), 5 deletions(-)
>>
> 
> Applied to xenial/master-next branch.

I can't find this commit in our tree. I wonder if it got lost during the
previous cycle?

> 
> Thanks,
> Kleber
> 



