[Bug 1441388] Re: numactl crashes with segfault

Serge Hallyn 1441388 at bugs.launchpad.net
Thu May 21 22:36:29 UTC 2015


** Also affects: numactl (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Also affects: numactl (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: numactl (Ubuntu)
   Importance: Undecided => High

** Changed in: numactl (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: numactl (Ubuntu Utopic)
   Importance: Undecided => High

** Description changed:

+ ===============================================================
+ SRU Justification
+ Impact: program crashes, may be exploitable
+ Test case: "numactl --hardware" on a large system
+ Regression potential: this patch only makes sure that a bitmask is in bss to initialize to 0.
+ ===============================================================
  numactl sometimes crashes when enumerating hardware:
  
  root@node1:~# numactl --hardware
  available: 648 nodes (0-647)
  Segmentation fault
  
  Further analysis shows that libnuma is using an uninitialised pointer,
  whose value depends on program layout. When layout is sufficiently
  different, the pointer is non-NULL and the library parses the data
  pointed to as a bitmap, crashing.
  
  Therefore, it is possible to leverage this in an exploit.
  
  I have fixed the issue upstream:
  https://github.com/numactl/numactl/commit/6a7c2cf3f00e32082a1ada300cc585740e2b4bbd

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1441388

Title:
  numactl crashes with segfault

Status in numactl package in Ubuntu:
  Fix Released
Status in numactl source package in Trusty:
  New
Status in numactl source package in Utopic:
  New

Bug description:
  ===============================================================
  SRU Justification
  Impact: program crashes, may be exploitable
  Test case: "numactl --hardware" on a large system
  Regression potential: this patch only makes sure that a bitmask is in bss to initialize to 0.
  ===============================================================
  numactl sometimes crashes when enumerating hardware:

  root@node1:~# numactl --hardware
  available: 648 nodes (0-647)
  Segmentation fault

  Further analysis shows that libnuma is using an uninitialised pointer,
  whose value depends on program layout. When layout is sufficiently
  different, the pointer is non-NULL and the library parses the data
  pointed to as a bitmap, crashing.

  Therefore, it is possible to leverage this in an exploit.

  I have fixed the issue upstream:
  https://github.com/numactl/numactl/commit/6a7c2cf3f00e32082a1ada300cc585740e2b4bbd
