Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 457790 (CVE-2013-0871) - Kernel : race condition with PTRACE_SETREGS (CVE-2013-0871)
Summary: Kernel : race condition with PTRACE_SETREGS (CVE-2013-0871)
Status: RESOLVED OBSOLETE
Alias: CVE-2013-0871
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal with 1 vote (vote)
Assignee: Gentoo Kernel Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-02-16 07:41 UTC by Agostino Sarubbo
Modified: 2018-04-04 18:30 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-02-16 07:41:20 UTC
From $URL :

Linux kernel stack corruption due to race condition with PTRACE_SETREGS
-----------------------------------------------------------------------

A race conditon in ptrace can lead to kernel stack corruption and arbitrary
kernel-mode code execution.

This should be tracked as CVE-2013-0871.

Solution
------------

The following commits from Oleg Nesterov should address the issue:

- 910ffdb18a6408e14febbb6e4b6840fd2c928c82
- 9899d11f654474d2d54ea52ceaa2a1f4db3abd68
- 9067ac85d533651b98c2ff903182a20cbb361fcb

Credit
---------

This was discovered by Suleiman Souhlal and Salman Qazi of Google, with help
from Aaron Durbin and Michael Davidson, also of Google.
Comment 1 William Waisse 2013-02-18 20:02:19 UTC
just a fyi for people wanting to fix tht as fast as possible : 

(21:49) <  ne0futur> 20:59 < neofutur> hardened-sources-3.7.8.ebuild include
                     grsecurity-2.9.1-3.7.8-201302161158
(21:49) <  ne0futur> 20:59 < neofutur> can anyone confirm that grsec version includes a fix for CVE-2013-0871 ?
(21:49) <  ne0futur> 21:00 < spender> it does

 so gentoo hardened at least have something against this bad race condition ;)
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 18:30:50 UTC
There are no longer any 2.x or <3.7.5 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.