APPLIED Re: [SRU][Jammy-OEM-5.17/OEM-6.0][PATCH 0/1] CVE-2023-0459
Timo Aaltonen
tjaalton at ubuntu.com
Fri Jun 2 06:48:24 UTC 2023
Yuxuan Luo wrote on 31.5.2023 at 3.34:
> [Impact]
> There is a Spectre-v1-like CVE in lib/usercopy.c, where there is no spectre
> barrier for __copy_from_user(). This vulnerability allows attackers to retrieve
> sensitive kernel memory information, leading to an info leak.
>
> [Backport]
> There is a prerequisite commit, 33b75c1d884e (“instrumented.h: allow
> instrumenting both sides of copy_from_user()”), to solve a conflict at
> lib/usercopy.c. However, this commit mainly instruments the introduction of
> KMSAN and does not have any intersection with this fix, which is irrelevant to
> this CVE. Therefore, we can ignore this commit and directly backport the fix
> commit.
>
> [Test]
> Compile and boot tested.
>
> [Potential Regression]
> Expecting relatively low regression potential since the fix basically adds a
> `NOP` after the branching statement. However, considering the wide usage of
> copy_from_user(), the potential is not negligible.
>
>
> Dave Hansen (1):
> uaccess: Add speculation barrier to copy_from_user()
>
> include/linux/nospec.h | 4 ++++
> kernel/bpf/core.c | 2 --
> lib/usercopy.c | 7 +++++++
> 3 files changed, 11 insertions(+), 2 deletions(-)
>
applied to both, thanks
--
t
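Added here as an illustration, not code from the patch or the kernel: a user-space C model of the check-then-barrier shape that the fix gives _copy_from_user() in lib/usercopy.c. The barrier_nospec() definition, the simulated user range (USER_BASE, USER_SIZE, user_buf) and all function names are assumptions of the model.

```c
#include <stdint.h>
#include <string.h>

/* Simulated "user space": one fixed buffer stands in for the user address range
 * (constructed values, not kernel addresses). */
#define USER_SIZE 64
static unsigned char user_buf[USER_SIZE];
static const uintptr_t USER_BASE = 0x1000;

/* Speculation barrier: lfence on x86, only a compiler barrier elsewhere (model). */
static inline void barrier_nospec(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __asm__ __volatile__("" ::: "memory");
#endif
}

/* Model of access_ok(): does [from, from + n) lie inside the simulated user range? */
static int access_ok_sim(uintptr_t from, unsigned long n)
{
    return from >= USER_BASE && n <= USER_SIZE && from - USER_BASE <= USER_SIZE - n;
}

/* Model of _copy_from_user(): returns the number of bytes NOT copied (0 on success)
 * and zero-fills the part of 'to' that was not written, like the real function. */
unsigned long copy_from_user_sim(void *to, uintptr_t from, unsigned long n)
{
    unsigned long res = n;
    if (access_ok_sim(from, n)) {
        barrier_nospec();   /* the line the fix adds: no speculation past the check */
        memcpy(to, user_buf + (from - USER_BASE), n);
        res = 0;
    }
    if (res)
        memset((unsigned char *)to + (n - res), 0, res);
    return res;
}

/* Exercise the model: an in-range copy succeeds, a copy crossing the end of the
 * user range is refused and the destination is zeroed. Returns 0 when both hold. */
int run_demo(void)
{
    unsigned char dst[8];
    memset(user_buf, 0x41, sizeof user_buf);
    memset(dst, 0xff, sizeof dst);
    if (copy_from_user_sim(dst, USER_BASE + USER_SIZE - 8, 8) != 0 || dst[7] != 0x41)
        return 1;
    memset(dst, 0xff, sizeof dst);
    if (copy_from_user_sim(dst, USER_BASE + USER_SIZE - 4, 8) != 8 || dst[0] != 0)
        return 2;
    return 0;
}
```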