NAK: [PATCH 0/1][SRU][T/X/B/C] CVE-2019-9213 - Incorrect memory protection check
You-Sheng Yang
vicamo.yang at canonical.com
Thu Mar 7 03:11:30 UTC 2019
This patch doesn't apply on current trusty master-next HEAD
6a34acb7c2f8, and does apply on X/B/C.
On 2019/3/7 10:36 AM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9213.html
>
> In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a
> check for the mmap minimum address, which makes it easier for attackers to
> exploit kernel NULL pointer dereferences on non-SMAP platforms. This is
> related to a capability check for the wrong task.
>
> Clean cherry pick. Clean build logs. Verified the fix in Cosmic through Trusty
> with the PoC in the Project Zero bug report[1].
>
> Tyler
>
> [1] https://bugs.chromium.org/p/project-zero/issues/detail?id=1792&desc=2
>
> Jann Horn (1):
> mm: enforce min addr even if capable() in expand_downwards()
>
> mm/mmap.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20190307/d75a1494/attachment-0001.sig>
More information about the kernel-team
mailing list