[SRU][F/B/X][CVE-2020-25284][PATCH v2 0/1] rbd: require global CAP_SYS_ADMIN for mapping and unmapping

William Breathitt Gray william.gray at canonical.com
Fri Sep 25 16:30:06 UTC 2020


SRU Justification
=================

[Impact]

The rbd block device driver in drivers/block/rbd.c in the Linux kernel
through 5.8.9 used incomplete permission checking for access to rbd
devices, which could be leveraged by local attackers to map or unmap rbd
block devices, aka CID-f44d04e696fe.

[Regression Potential]

Regression potential is low. This fix simply checks if the proper
permission is held; the only users affected by this change will be those
who should not have access to rbd devices in the first place.

[Miscellaneous]

It's a simple cherry-pick for Focal and Bionic. The Xenial backport
consisted of just removing the changes for sysfs attributes that do not
exist in Xenial, and making minor context adjustments.

Ilya Dryomov (1):
  rbd: require global CAP_SYS_ADMIN for mapping and unmapping

 drivers/block/rbd.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

-- 
2.25.1



