[PATCH 0/1][SRU][T/X/B/C] CVE-2019-9213 - Incorrect memory protection check
Tyler Hicks
tyhicks at canonical.com
Thu Mar 7 02:36:14 UTC 2019
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9213.html
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a
check for the mmap minimum address, which makes it easier for attackers to
exploit kernel NULL pointer dereferences on non-SMAP platforms. This is
related to a capability check for the wrong task.
Clean cherry pick. Clean build logs. Verified the fix in Cosmic through Trusty
with the PoC in the Project Zero bug report[1].
Tyler
[1] https://bugs.chromium.org/p/project-zero/issues/detail?id=1792&desc=2
Jann Horn (1):
mm: enforce min addr even if capable() in expand_downwards()
mm/mmap.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--
2.7.4
More information about the kernel-team
mailing list