APPLIED: [PATCH 0/1][SRU][T/X/B/C] CVE-2019-9213 - Incorrect memory protection check
Kleber Souza
kleber.souza at canonical.com
Tue Mar 12 12:24:45 UTC 2019
On 3/7/19 3:36 AM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9213.html
>
> In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a
> check for the mmap minimum address, which makes it easier for attackers to
> exploit kernel NULL pointer dereferences on non-SMAP platforms. This is
> related to a capability check for the wrong task.
>
> Clean cherry pick. Clean build logs. Verified the fix in Cosmic through Trusty
> with the PoC in the Project Zero bug report[1].
>
> Tyler
>
> [1] https://bugs.chromium.org/p/project-zero/issues/detail?id=1792&desc=2
>
> Jann Horn (1):
> mm: enforce min addr even if capable() in expand_downwards()
>
> mm/mmap.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
Applied to {trusty,xenial,bionic,cosmic}/master-next branches,
fixing fuzzing and the provenance line for trusty.
Thanks,
Kleber
More information about the kernel-team
mailing list