[PATCH 0/1] [SRU] [xenial/linux] CVE-2015-1350
Tim Gardner
tim.gardner at canonical.com
Wed Mar 17 17:16:23 UTC 2021
[Impact]
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of
requirements for setattr operations that underspecifies removing extended
privilege attributes, which allows local users to cause a denial of service
(capability stripping) via a failed invocation of a system call, as demonstrated
by using chown to remove a capability from the ping or Wireshark dumpcap program.
From the Ubuntu security team:
Ben Harris discovered that the Linux kernel would strip extended privilege
attributes of files when performing a failed unprivileged system call. A
local attacker could use this to cause a denial of service.
The fix commit 030b533c4fd4d2ec3402363323de4bb2983c9cee "fs: Avoid premature
clearing of capabilities" required 3 scaffold patches. I used the stable
updates from linux-4.1.y as a guide.
[Test Plan]
I've run passes with iozone and bonnie++
[Where problems could occur]
Released in
linux-3.16.y
linux-3.2.y
linux-4.1.y
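
Added example, not part of the original message or of the patch: a check that compares saved `getcap` output against a later capture and reports files whose capabilities have been stripped or changed, which is the effect described under [Impact]. The function names, file paths and sample capability lines are constructed for illustration, and paths are assumed to contain no whitespace.

```sh
#!/bin/sh
# caps_diff BASELINE CURRENT
# Both files hold getcap output, one "path caps" entry per line, with or
# without a " = " separator between the path and the capability text.
# Prints one line per baseline entry that is missing or different in
# CURRENT. Returns 0 when every baseline entry is intact, 1 otherwise.
caps_diff() {
    awk '
        NF < 2 { next }                                   # blank or malformed
        FILENAME == ARGV[1] { now[$1] = $NF; next }       # current capture
        !($1 in now)  { print "STRIPPED " $1 " (was " $NF ")"; bad = 1; next }
        now[$1] != $NF { print "CHANGED " $1 " (" $NF " -> " now[$1] ")"; bad = 1 }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# demo_report: run caps_diff over constructed sample data in which ping
# has lost its capability and dumpcap has kept its own.
demo_report() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '/bin/ping = cap_net_raw+ep' \
                  '/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip' > "$dir/baseline"
    printf '%s\n' '/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip' > "$dir/current"
    caps_diff "$dir/baseline" "$dir/current"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo_report || echo "baseline capabilities are missing or changed"
```

On a real host the two inputs would come from the same `getcap` binary, since the capability text is compared as a plain string.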