[SRU B/F PATCH 0/1] CVE-2021-33656
Cengiz Can
cengiz.can at canonical.com
Wed Aug 3 04:20:29 UTC 2022
[Impact]
When setting font with malicious data by ioctl cmd PIO_FONT, kernel will
write memory out of bounds.
[Fix]
Fix was cherry-picked from closest stable trees.
An additional patch[1] seems to be under discussion (very recently)
for removing leftover macros at `uapi/linux/kd.h`. Since it doesn't
directly contribute to the fix, that patch was ignored.
[Test case]
Compile and boot tested on KVM only.
[Potential regression]
As discussed in mailing list and explained in the patch body, those
ioctls seem to be archaic and not used by any known clients.
However, I managed to find a complaint[2] from one of the users. It was
suggested to switch to the newer API instead.
So there's a slight regression potential, especially for users who
change fonts of framebuffer console.
[1] https://lore.kernel.org/lkml/YuUdWoa7UFHmkNu9@kroah.com/T/#m536ff2bb888b82312895864479bc06ae52aaa8cf
[2] https://www.spinics.net/lists/kernel/msg3985438.html
Jiri Slaby (1):
vt: drop old FONT ioctls
drivers/tty/vt/vt.c | 39 +---------
drivers/tty/vt/vt_ioctl.c | 149 --------------------------------------
include/linux/kd.h | 8 --
3 files changed, 3 insertions(+), 193 deletions(-)
delete mode 100644 include/linux/kd.h
--
2.34.1