Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 655146 (CVE-2018-10689) - <sys-block/blktrace-1.2.0_p20210419122502: buffer overflow in the dev_map_read function in btt/devmap.c (CVE-2018-10689)
Summary: <sys-block/blktrace-1.2.0_p20210419122502: buffer overflow in the dev_map_rea...
Status: RESOLVED FIXED
Alias: CVE-2018-10689
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B2 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-05-07 10:03 UTC by Agostino Sarubbo
Modified: 2021-07-08 03:35 UTC (History)
1 user (show)

See Also:
Package list:
sys-block/blktrace-1.2.0_p20210419122502
Runtime testing required: ---
nattka: sanity-check-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2018-05-07 10:03:08 UTC
From ${URL} :


A flaw was found in blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno 
arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file.


References:
https://www.spinics.net/lists/linux-btrace/msg00847.html

Patch:
https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7
http://git.kernel.dk/?p=blktrace.git;a=log;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Sam James archtester gentoo-dev Security 2020-04-22 22:11:58 UTC
@maintainer(s): ping, fancy applying the patch, or is it not suitable?
Comment 2 Larry the Git Cow gentoo-dev 2021-06-12 18:04:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d67d725f6bbb13cf73ff577df38e36bd08544d78

commit d67d725f6bbb13cf73ff577df38e36bd08544d78
Author:     Robin H. Johnson <robbat2@gentoo.org>
AuthorDate: 2021-06-12 18:01:43 +0000
Commit:     Robin H. Johnson <robbat2@gentoo.org>
CommitDate: 2021-06-12 18:04:13 +0000

    sys-block/blktrace: bump using snapshot
    
    Reference: CVE-2018-10689
    Bug: https://bugs.gentoo.org/655146
    Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

 sys-block/blktrace/Manifest                        |  1 +
 .../blktrace/blktrace-1.2.0_p20210419122502.ebuild | 61 ++++++++++++++++++++++
 2 files changed, 62 insertions(+)
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2021-06-12 18:05:38 UTC
security:
you can stablereq it. I chose to use the upstream snapshot because they haven't made a new release in 3.5 years, and it contains other build & functionality fixes to work in edge cases of newer kernels (e.g. cgroup stuff)
Comment 4 John Helmert III gentoo-dev Security 2021-06-12 18:08:03 UTC
Thanks Robin!
Comment 5 Agostino Sarubbo gentoo-dev 2021-06-13 06:28:12 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2021-06-13 06:32:49 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2021-06-14 09:15:13 UTC
ppc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 8 NATTkA bot gentoo-dev 2021-06-20 17:20:38 UTC
Unable to check for sanity:

> no match for package: sys-block/blktrace-1.2.0_p20210419122502
Comment 9 John Helmert III gentoo-dev Security 2021-06-20 17:26:54 UTC
Ping, please cleanup
Comment 10 John Helmert III gentoo-dev Security 2021-07-06 00:03:01 UTC
GLSA request filed
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2021-07-08 03:35:40 UTC
This issue was resolved and addressed in
 GLSA 202107-15 at https://security.gentoo.org/glsa/202107-15
by GLSA coordinator John Helmert III (ajak).