[kernel-sec-discuss] r5269 - active retired
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat May 6 12:48:08 UTC 2017
Author: carnil
Date: 2017-05-06 12:48:08 +0000 (Sat, 06 May 2017)
New Revision: 5269
Added:
retired/CVE-2016-10044
retired/CVE-2017-5967
Removed:
active/CVE-2016-10044
active/CVE-2017-5967
Log:
Retire two more CVEs (either released or ignored upstream)
Deleted: active/CVE-2016-10044
===================================================================
--- active/CVE-2016-10044 2017-05-06 12:48:07 UTC (rev 5268)
+++ active/CVE-2016-10044 2017-05-06 12:48:08 UTC (rev 5269)
@@ -1,22 +0,0 @@
-Description: The aio_mount function in fs/aio.c in the Linux kernel does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.
-References:
- http://source.android.com/security/bulletin/2017-02-01.html
-Notes:
- carnil> possibly introduced by bb646cdb12e75d82258c2f2e7746d5952d3e321a
- carnil> needs check.
- bwh> I think carnil pasted the wrong hash above. Anyway, I wrote a test
- bwh> program and verified this does affect 3.2 and 3.16.
- bwh> Dependencies for 3.16:
- bwh> 46b15caa7cb1 vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB
- bwh> 90f8572b0f02 vfs: Commit to never having exectuables on proc and sysfs.
- bwh> Alternately we could assign a filesystem type flag instead of a superblock
- bwh> internal flag. This is not practical to fix for 3.2, where aio does not
- bwh> have a filesystem.
-Bugs:
-upstream: released (4.8-rc7) [22f6b4d34fcf039c63a94e7670e0da24f8575a5a]
-4.9-upstream-stable: N/A "Fixed before branch point"
-3.16-upstream-stable: released (3.16.43) [880366a6e2ef182c37b7c7317dc6d449f625b97d]
-3.2-upstream-stable: ignored "changes required are too invasive"
-sid: released (4.7.8-1)
-3.16-jessie-security: released (3.16.43-1)
-3.2-wheezy-security: ignored "changes required are too invasive"
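Review bot: the Notes block being retired still carries the `carnil> possibly introduced by bb646cdb12e75d82258c2f2e7746d5952d3e321a` / `needs check.` lines even though the following `bwh>` line says that hash is wrong and the issue was verified by test program instead; before archiving, either replace the hash with the correct introducing commit or drop the two stale lines, so the retired record does not preserve a misattributed introduction point that later readers will take at face value.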
Deleted: active/CVE-2017-5967
===================================================================
--- active/CVE-2017-5967 2017-05-06 12:48:07 UTC (rev 5268)
+++ active/CVE-2017-5967 2017-05-06 12:48:08 UTC (rev 5269)
@@ -1,17 +0,0 @@
-Description: The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c.
-References:
- https://bugzilla.kernel.org/show_bug.cgi?id=193921
-Notes:
- bwh> The upstream "fix" for this is to remove the feature, as it is
- bwh> redundant with tracing. I don't think that change is
- bwh> acceptable for stable branches, other than possibly 4.9. We
- bwh> could instead prevent processes outside the initial pid
- bwh> namespace from opening the file.
-Bugs:
-upstream: released (4.11-rc1) [dfb4357da6ddbdf57d583ba64361c9d792b0e0b1]
-4.9-upstream-stable: needed
-3.16-upstream-stable: ignored "Upstream fix is not suitable for backporting"
-3.2-upstream-stable: ignored "Upstream fix is not suitable for backporting"
-sid: released (4.9.13-1) [debian/time-mark-timer_stats-as-broken.patch]
-3.16-jessie-security: released (3.16.43-1) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch]
-3.2-wheezy-security: released (3.2.88-1) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch]
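Review bot: `4.9-upstream-stable: needed` is still an open status in this record, but the commit log says the retired CVEs are "either released or ignored upstream"; for CVE-2017-5967 only `upstream` is released (4.11-rc1) and 3.16/3.2 are ignored, while 4.9 stable is neither. Either update the 4.9 line to `released (...)` with the stable commit or `ignored "..."` with a reason, or keep this file under active/ until the 4.9 stable status is resolved, since a "needed" entry in retired/ will not be picked up by the tracking scripts.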
Copied: retired/CVE-2016-10044 (from rev 5268, active/CVE-2016-10044)
===================================================================
--- retired/CVE-2016-10044 (rev 0)
+++ retired/CVE-2016-10044 2017-05-06 12:48:08 UTC (rev 5269)
@@ -0,0 +1,22 @@
+Description: The aio_mount function in fs/aio.c in the Linux kernel does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.
+References:
+ http://source.android.com/security/bulletin/2017-02-01.html
+Notes:
+ carnil> possibly introduced by bb646cdb12e75d82258c2f2e7746d5952d3e321a
+ carnil> needs check.
+ bwh> I think carnil pasted the wrong hash above. Anyway, I wrote a test
+ bwh> program and verified this does affect 3.2 and 3.16.
+ bwh> Dependencies for 3.16:
+ bwh> 46b15caa7cb1 vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB
+ bwh> 90f8572b0f02 vfs: Commit to never having exectuables on proc and sysfs.
+ bwh> Alternately we could assign a filesystem type flag instead of a superblock
+ bwh> internal flag. This is not practical to fix for 3.2, where aio does not
+ bwh> have a filesystem.
+Bugs:
+upstream: released (4.8-rc7) [22f6b4d34fcf039c63a94e7670e0da24f8575a5a]
+4.9-upstream-stable: N/A "Fixed before branch point"
+3.16-upstream-stable: released (3.16.43) [880366a6e2ef182c37b7c7317dc6d449f625b97d]
+3.2-upstream-stable: ignored "changes required are too invasive"
+sid: released (4.7.8-1)
+3.16-jessie-security: released (3.16.43-1)
+3.2-wheezy-security: ignored "changes required are too invasive"
Copied: retired/CVE-2017-5967 (from rev 5268, active/CVE-2017-5967)
===================================================================
--- retired/CVE-2017-5967 (rev 0)
+++ retired/CVE-2017-5967 2017-05-06 12:48:08 UTC (rev 5269)
@@ -0,0 +1,17 @@
+Description: The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c.
+References:
+ https://bugzilla.kernel.org/show_bug.cgi?id=193921
+Notes:
+ bwh> The upstream "fix" for this is to remove the feature, as it is
+ bwh> redundant with tracing. I don't think that change is
+ bwh> acceptable for stable branches, other than possibly 4.9. We
+ bwh> could instead prevent processes outside the initial pid
+ bwh> namespace from opening the file.
+Bugs:
+upstream: released (4.11-rc1) [dfb4357da6ddbdf57d583ba64361c9d792b0e0b1]
+4.9-upstream-stable: needed
+3.16-upstream-stable: ignored "Upstream fix is not suitable for backporting"
+3.2-upstream-stable: ignored "Upstream fix is not suitable for backporting"
+sid: released (4.9.13-1) [debian/time-mark-timer_stats-as-broken.patch]
+3.16-jessie-security: released (3.16.43-1) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch]
+3.2-wheezy-security: released (3.2.88-1) [bugfix/all/timer-restrict-timer_stats-to-initial-pid-namespace.patch]