[SRU][Xenial][CVE-2019-2054] Prevent ptrace from following stale syscall
Connor Kuehl
connor.kuehl at canonical.com
Mon Jun 3 22:22:56 UTC 2019
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-2054.html

CVE description from above URL: In the seccomp implementation prior to kernel
version 4.8, there is a possible seccomp bypass due to seccomp policies that
allow the use of ptrace. This could lead to local escalation of privilege
with no additional execution privileges needed. User interaction is not needed
for exploitation.

Clean cherry pick. No manual adjustments required.

Kees Cook (1):
  arm/ptrace: run seccomp after ptrace

 arch/arm/kernel/ptrace.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
--
2.20.1