Summary: | kernel: stack clash | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
Status: | RESOLVED FIXED | | |
Severity: | critical | CC: | alexander, arthur, bug, diddledan, hydrapolic, itumaykin+gentoo, kernel, kfm, lucas.yamanishi, luke, moonlapse81, phmagic, sergeev917, sudormrfhalt |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.openwall.com/lists/oss-security/2017/06/19/1 | | |
Whiteboard: | A1 [upstream/ebuild] | | |
Package list: | | Runtime testing required: | --- |
Description

GLSAMaker/CVETool Bot
2017-06-19 15:30:25 UTC

Say hello to "The Stack Clash"

We had a bit of discussion on forums.gentoo.org for CVE 364. Just wanted to add this in case someone was searching this without checking fgo. https://forums.gentoo.org/viewtopic-t-1065154-highlight-.html

Hu found the commit that expanded the guard area, and I'm testing it backported into gentoo-sources-4.9.16; however, without the actual exploit I cannot test its effectiveness other than it not causing side effects to normal operation.

Wanted to also clarify that, despite the guard page added in 2010, this was not the introduction of this bug (it's been around since virtually the dawn of Linux); rather, an incomplete fix was made then. The fix that was committed to 4.12pre6, which Hu found, is also not a guaranteed fix; however, it is thought that it would be unusual for the vast majority of existing suid/sgid programs to allocate stack space over 1MB in one function call, and thus it should be sufficient to prevent privilege escalation.

Fixed kernels released. Fixes in 4.9.35, 4.13 onwards.
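As an added illustration of the 1MB guard gap the comments above discuss (example code written for this page, not from the bug report, Gentoo, or the kernel patch): a small Python audit that parses the /proc/<pid>/maps format and reports how much unmapped space currently sits below a process's [stack] mapping. The 1 MiB threshold and the sample maps text are assumptions made here.

```python
"""Heuristic audit of the free space below a process's stack (added example)."""
import os
import re

STACK_GUARD_GAP = 1 << 20  # assumption: 1 MiB, the gap size discussed in the bug

# Constructed sample in /proc/<pid>/maps format; addresses and paths are made up.
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/example
00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/example
7ffff7a0d000-7ffff7bcd000 r-xp 00000000 08:01 5678 /lib64/libc-2.25.so
7ffff7dd7000-7ffff7dfc000 r-xp 00000000 08:01 9012 /lib64/ld-2.25.so
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""

# start-end perms offset dev inode [path]
_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+\S+\s+\S+\s+\d+\s*(.*)$")


def parse_maps(text):
    """Return (start, end, perms, path) tuples for every well-formed maps line."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            entries.append((int(m.group(1), 16), int(m.group(2), 16),
                            m.group(3), m.group(4)))
    return entries


def stack_gap(entries):
    """Bytes between the end of the nearest lower mapping and the start of
    [stack]; None when the process has no [stack] mapping."""
    stacks = [e for e in entries if e[3] == "[stack]"]
    if not stacks:
        return None
    stack_start = stacks[0][0]
    ends_below = [e[1] for e in entries if e[1] <= stack_start]
    return stack_start - max(ends_below) if ends_below else stack_start


def gap_ok(entries, minimum=STACK_GUARD_GAP):
    """True when nothing is mapped within `minimum` bytes below the stack."""
    gap = stack_gap(entries)
    return gap is not None and gap >= minimum


if __name__ == "__main__":
    # Audit the running process on Linux, otherwise fall back to the sample.
    text = open("/proc/self/maps").read() if os.path.exists("/proc/self/maps") else SAMPLE_MAPS
    entries = parse_maps(text)
    print("gap below [stack]: %s bytes, ok=%s" % (stack_gap(entries), gap_ok(entries)))
```

A large gap only shows that nothing is mapped there right now; it does not prove the kernel enforces the gap, so pair this with a check that the running kernel is one of the fixed versions the bug lists.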