ACK: [SRU B/F PATCH 0/1] CVE-2021-33656

Tim Gardner tim.gardner at canonical.com
Thu Aug 4 12:37:14 UTC 2022


On 8/2/22 22:20, Cengiz Can wrote:
> [Impact]
> When setting font with malicious data by ioctl cmd PIO_FONT, kernel will
> write memory out of bounds.
> 
> [Fix]
> Fix was cherry-picked from closest stable trees.
> 
> An additional patch[1] seems to be under discussion (very recently)
> for removing leftover macros at `uapi/linux/kd.h`. Since it doesn't
> directly contribute to the fix, that patch was ignored.
> 
> [Test case]
> Compile and boot tested on KVM only.
> 
> [Potential regression]
> As discussed in mailing list and explained in the patch body, those
> ioctls seem to be archaic and not used by any known clients.
> 
> However I managed to find a complaint[2] from one of the users. It was
> suggested to switch to the newer API instead.
> 
> So there's a slight regression potential, especially from users who
> change fonts of framebuffer console.
> 
> [1] https://lore.kernel.org/lkml/YuUdWoa7UFHmkNu9@kroah.com/T/#m536ff2bb888b82312895864479bc06ae52aaa8cf
> [2] https://www.spinics.net/lists/kernel/msg3985438.html
> 
> Jiri Slaby (1):
>    vt: drop old FONT ioctls
> 
>   drivers/tty/vt/vt.c       |  39 +---------
>   drivers/tty/vt/vt_ioctl.c | 149 --------------------------------------
>   include/linux/kd.h        |   8 --
>   3 files changed, 3 insertions(+), 193 deletions(-)
>   delete mode 100644 include/linux/kd.h
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>

-- 
-----------
Tim Gardner
Canonical, Inc


