655146 – (CVE-2018-10689) <sys-block/blktrace-1.2.0_p20210419122502: buffer overflow in the dev_map_read function in btt/devmap.c (CVE-2018-10689)

Bug 655146 (CVE-2018-10689) - <sys-block/blktrace-1.2.0_p20210419122502: buffer overflow in the dev_map_read function in btt/devmap.c (CVE-2018-10689)

Summary: <sys-block/blktrace-1.2.0_p20210419122502: buffer overflow in the dev_map_rea...

Status:	RESOLVED FIXED

Alias:	CVE-2018-10689

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	B2 [glsa+ cve]
Keywords:

Depends on:
Blocks:

Reported:	2018-05-07 10:03 UTC by Agostino Sarubbo
Modified:	2021-07-08 03:35 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	sys-block/blktrace-1.2.0_p20210419122502
Runtime testing required:	---

Flags:	nattka: sanity-check-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2018-05-07 10:03:08 UTC

From ${URL} :


A flaw was found in blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno 
arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.


References:
https://www.spinics.net/lists/linux-btrace/msg00847.html

Patch:
https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7
http://git.kernel.dk/?p=blktrace.git;a=log;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Sam James archtester

2020-04-22 22:11:58 UTC

@maintainer(s): ping, fancy applying the patch, or is it not suitable?

Comment 2 Larry the Git Cow gentoo-dev

2021-06-12 18:04:32 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d67d725f6bbb13cf73ff577df38e36bd08544d78

commit d67d725f6bbb13cf73ff577df38e36bd08544d78
Author:     Robin H. Johnson <robbat2@gentoo.org>
AuthorDate: 2021-06-12 18:01:43 +0000
Commit:     Robin H. Johnson <robbat2@gentoo.org>
CommitDate: 2021-06-12 18:04:13 +0000

    sys-block/blktrace: bump using snapshot
    
    Reference: CVE-2018-10689
    Bug: https://bugs.gentoo.org/655146
    Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

 sys-block/blktrace/Manifest                        |  1 +
 .../blktrace/blktrace-1.2.0_p20210419122502.ebuild | 61 ++++++++++++++++++++++
 2 files changed, 62 insertions(+)

Comment 3 Robin Johnson archtester

2021-06-12 18:05:38 UTC

security:
you can stablereq it. I chose to use the upstream snapshot because they haven't made a new release in 3.5 years, and it contains other build & functionality fixes to work in edge cases of newer kernels (e.g. cgroup stuff)

Comment 4 John Helmert III archtester

2021-06-12 18:08:03 UTC

Thanks Robin!

Comment 5 Agostino Sarubbo gentoo-dev

2021-06-13 06:28:12 UTC

amd64 stable

Comment 6 Agostino Sarubbo gentoo-dev

2021-06-13 06:32:49 UTC

x86 stable

Comment 7 Agostino Sarubbo gentoo-dev

2021-06-14 09:15:13 UTC

ppc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 8 NATTkA bot gentoo-dev

2021-06-20 17:20:38 UTC

Unable to check for sanity:

> no match for package: sys-block/blktrace-1.2.0_p20210419122502

Comment 9 John Helmert III archtester

2021-06-20 17:26:54 UTC

Ping, please cleanup

Comment 10 John Helmert III archtester

2021-07-06 00:03:01 UTC

GLSA request filed

Comment 11 GLSAMaker/CVETool Bot gentoo-dev

2021-07-08 03:35:40 UTC

This issue was resolved and addressed in
 GLSA 202107-15 at https://security.gentoo.org/glsa/202107-15
by GLSA coordinator John Helmert III (ajak).