APPLIED Re: [SRU OEM-6.0 0/3] CVE-2023-1076
Timo Aaltonen
tjaalton at ubuntu.com
Fri Sep 1 11:33:11 UTC 2023
Cengiz Can kirjoitti 24.8.2023 klo 14.06:
> [Impact]
> A flaw was found in the Linux Kernel. The tun/tap sockets have their socket
> UID hardcoded to 0 due to a type confusion in their initialization function.
> While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it
> may not always be the case, e.g., a non-root user only having that capability.
> This would make tun/tap sockets being incorrectly treated in filtering/routing
> decisions, possibly bypassing network filters.
>
> [Fix]
> Cherry picked from upstream.
>
> [Test case]
> Compile, boot and basic tunctl functionality tested.
>
> [Potential regression]
> CVE-2023-4194 is a followup for this so this has a high regression potential.
>
> Pietro Borrello (3):
> net: add sock_init_data_uid()
> tun: tun_chr_open(): correctly initialize socket uid
> tap: tap_open(): correctly initialize socket uid
>
> drivers/net/tap.c | 2 +-
> drivers/net/tun.c | 2 +-
> include/net/sock.h | 7 ++++++-
> net/core/sock.c | 15 ++++++++++++---
> 4 files changed, 20 insertions(+), 6 deletions(-)
>
applied to oem-6.0, thanks
--
t
More information about the kernel-team
mailing list