Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 469854 (CVE-2013-2094) - Kernel: perf_swevent_enabled array out-of-bound access (CVE-2013-2094)
Summary: Kernel: perf_swevent_enabled array out-of-bound access (CVE-2013-2094)
Status: RESOLVED FIXED
Alias: CVE-2013-2094
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Kernel Security
URL: http://git.kernel.org/cgit/linux/kern...
Whiteboard:
Keywords:
Depends on: 469956 CVE-2014-6416
Blocks:
  Show dependency tree
 
Reported: 2013-05-14 16:28 UTC by Tom Wijsman (TomWij) (RETIRED)
Modified: 2020-04-10 21:19 UTC (History)
6 users (show)

See Also:
Package list:
Runtime testing required: ---
nattka: sanity-check-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-05-14 16:28:55 UTC
Upstream fix in "URL" mentions:

> Trinity discovered that we fail to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy().

RedHat bug in "See Also" mentions:

> A local unprivileged user can use this flaw to increase their privileges on the system.

Introduced in:

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b0a873ebbf87bf38bf70b5e39a7cadc96099fa13

References:

http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html
https://news.ycombinator.com/item?id=5703758
http://packetstormsecurity.com/files/121616/semtex.c
Comment 1 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-05-14 17:13:26 UTC
Fix is present in the following kernels:

 # git tag --contains 8176cced706b5e5d15887584150764894e94e02f
v3.9
v3.9-rc8
v3.9.1
v3.9.2

 # git tag --contains ff91fd5bc105f29a34755a6dd6d547c877b7d027
v3.8.10
v3.8.11
v3.8.12
v3.8.13
v3.8.9

 # git tag --contains da307d100cd4979e353e8265d0691263aa2a0086
v3.4.42
v3.4.43
v3.4.44
v3.4.45

 # git tag --contains 3fc8fc1cc2d585c1f695f7de914063258aafe50e
v3.2.45

 # git tag --contains 456edf57d7a6fe1b238ec708b19063d78cf4b250
v3.0.75
v3.0.76
v3.0.77
v3.0.78

Immediate actions which I will take for sys-kernel/gentoo-sources within minutes:

- Removal of affected v3.0.74, v3.2.41, v3.2.42, v3.2.43, v3.2.44, v3.4.34, v3.4.41, v3.6.11-r1, v3.6.11-r2.

- Addition of v3.2.45.

Delayed actions which will be taken for sys-kernel/gentoo-sources:

- Removal of v3.7.10, v3.7.10-r1 once v3.8.13 has been stabilized.
Comment 2 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-05-14 17:41:05 UTC
+  14 May 2013; Tom Wijsman <TomWij@gentoo.org> ChangeLog
+  -gentoo-sources-3.0.74.ebuild, -gentoo-sources-3.2.41.ebuild,
+  -gentoo-sources-3.2.42.ebuild, -gentoo-sources-3.2.43.ebuild,
+  -gentoo-sources-3.2.44.ebuild, +gentoo-sources-3.2.45.ebuild,
+  -gentoo-sources-3.4.34.ebuild, -gentoo-sources-3.4.41.ebuild,
+  -gentoo-sources-3.6.11-r1.ebuild, -gentoo-sources-3.6.11-r2.ebuild, Metadata
+  Linux patch 3.2.45. Removal of affected versions 3.0.74, 3.2.41, 3.2.42,
+  3.2.43, 3.2.44, 3.4.34, 3.4.41, 3.6.11-r1, 3.6.11-r2; see bug #469854.
Comment 3 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-06-22 12:07:50 UTC
+  22 Jun 2013; Tom Wijsman <TomWij@gentoo.org> +gentoo-sources-3.7.10-r1.ebuild,
+  -gentoo-sources-3.7.10.ebuild, metadata.xml:
+  Revision bump. Applied security patch to 3.7.10 such that the root exploit is
+  no longer present on the remaining arches, which have not responded to
+  stabilization in a long time, directly to stable as the patches involved are
+  stable; as per the decision in bug #338739 comment 44.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2016-11-30 00:53:23 UTC
All upstream LTS kernels are including the patch; All sys-kernel/gentoo-sources ebuilds excluding sys-kernel/gentoo-sources-3.4.x have stable ebuilds containing the fix.

sys-kernel/gentoo-sources-3.4.x is currently being stabilized in bug 522930.
Comment 5 NATTkA bot gentoo-dev 2020-04-10 08:32:45 UTC
Unable to check for sanity:

> no match for package: =sys-kernel/gentoo-sources-3.4.113
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2020-04-10 21:19:38 UTC
THe 3.X is no longer in tree. 

Closing Bug.