A race condition was found in the way Linux kernel's memory subsystem handled breakage of the read only private mappings COW situation on write access. An unprivileged local user could use this flaw to gain write access to otherwise read only memory mappings and thus increase their privileges on the system. Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
4.7.9 is patching this vulnerability and is released https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.9
affected: <sys-kernel/gentoo-sources-4.8.3 <sys-kernel/gentoo-sources-4.7.9 <sys-kernel/gentoo-sources-4.4.26
Please, release 4.8.3
(In reply to Vitaly L. Fadeev from comment #3) > Please, release 4.8.3 4.8 is not a long terms stable branch, hence not a candiate for gentoo stabilization, hence irrelevant for this security tracking bug.
Any gentoo-sources version is a candidate for stabilization unless it is EOL'ed.
Where do we send money to get 4.1.x patched? Thanks.
(In reply to Yuri Arabadji from comment #6) > Where do we send money to get 4.1.x patched? Thanks. If you don't want to wait why don't you try to fix it yourself? I patched my kernel (4.4.21) as described in the Gentoo forum (https://forums.gentoo.org/viewtopic-p-7980252.html#7980252) and recompiled the kernel. The PoC didn't work with the patched kernel. Not an official fix but at least a fast and working solution.
Shouldn't there be a GLSA for this?
(In reply to Fredrik Eriksson from comment #8) > Shouldn't there be a GLSA for this? The official policy is no GLSA for kernel vulnerabilities, there are several reasons for this, one of which is that glsa-check does not have capabilities to check such GLSA vs running kernels. Another is the number of different kernel branches, most of which are in testing, so the workload of tracking each individual is too high for the security project.
Seem that gentoo-sources-4.1.15-gentoo-r1 is also vulnerable: root@localhost#ll foo -rw-r--r-- 1 root root 15 Oct 24 22:28 foo user@localhost#./dirtyc0w foo m000000000000 mmap 7f7530ee7000 madvise 0 procselfmem 1300000000 user@localhost#cat foo m000000000000t #emerge --info Portage 2.1.12.2 (default/linux/amd64/13.0, gcc-4.9.3, glibc-2.21-r2, 4.1.15-gentoo-r1 x86_64) ================================================================= System uname: Linux-4.1.15-gentoo-r1-x86_64-Intel-R-_Core-TM-2_Quad_CPU_Q9300_@_2.50GHz-with-gentoo-2.2 KiB Mem: 8158944 total, 893372 free KiB Swap: 19531768 total, 16722224 free Timestamp of tree: Wed, 12 Jun 2013 06:45:01 +0000 ld GNU ld (GNU Binutils) 2.24 distcc 3.1 x86_64-pc-linux-gnu [enabled] ccache version 3.1.9 [enabled] app-shells/bash: 4.2_p50::x-patches dev-lang/python: 2.7.3-r3, 3.2.3-r2 dev-util/ccache: 3.1.9 dev-util/cmake: 2.8.10.2-r2 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.11.8 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.69 sys-devel/automake: 1.11.6, 1.12.6 sys-devel/binutils: 2.24-r3::x-patches sys-devel/gcc: 4.9.3::x-kernel sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.7 (virtual/os-headers) sys-libs/glibc: 2.21-r2::x-patches Repositories: gentoo freeswitch my x-patches x-libguestfs x-ansible x-libvirt x-qemu x-pg_repack x-php x-icinga x-minidlna x-kernel x-cryptsetup x-unbound x-bcache ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=core2 -msse4.1 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.6/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=core2 -msse4.1 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://mirror.netcologne.de/gentoo/ http://mirror.leaseweb.com/gentoo/ http://ftp.halifax.rwth-aachen.de/gentoo/ http://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/ ftp://mirror.netcologne.de/gentoo/" LANG="en_US.UTF-8" LC_ALL="" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/freeswitch /usr/local/overlays/my /usr/local/overlays/patches /usr/local/overlays/libguestfs /usr/local/overlays/ansible /usr/local/overlays/libvirt /usr/local/overlays/qemu /usr/local/overlays/pg_repack /usr/local/overlays/php /usr/local/overlays/icinga /usr/local/overlays/minidlna /usr/local/overlays/kernel /usr/local/overlays/cryptsetup /usr/local/overlays/unbound /usr/local/overlays/bcache" SYNC="rsync://rsync.de.gentoo.org/gentoo-portage" USE="acl aio amd64 berkdb bzip2 cli cracklib crypt cxx dri flac fortran gcrypt gdbm gpm iconv ipv6 lighttpd logrotate lvm mmx modules mp3 mudflap multilib ncurses nfs nls nptl openmp pam pcre perl postgres readline session sse sse2 ssl ssse3 tcpd threads unicode vhosts x264 zlib zsh-completion" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LIRC_DEVICES="udp" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" QEMU_USER_TARGETS="x86_64" RUBY_TARGETS="ruby19 ruby18" SANE_BACKENDS="lexmark" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
The 4.1 series is maintained by Sasha Levin. The necessary patch was included in the upstream 4.1.35 release.
(In reply to Kerin Millar from comment #11) > The 4.1 series is maintained by Sasha Levin. The necessary patch was > included in the upstream 4.1.35 release. Why don't we stabilize the 4.1.35 in gentoo?
What about other longterm kernel versions? As I see from kernel.org, fixed versions are available.
Yes, would be great to introduce gentoo-sources-4.1.35.
Created attachment 451440 [details] ebuild with patch agains CVE-2016-5195 for gentoo-sources-4.1.15-r1 For everyone running the gentoo-sources-4.1.15-r2 can use the following overlay to patch the kernel agains CVE-2016-5195 until the portage is updated.
(In reply to bugs-gentoo01 from comment #15) > Created attachment 451440 [details] > ebuild with patch agains CVE-2016-5195 for gentoo-sources-4.1.15-r1 > > For everyone running the gentoo-sources-4.1.15-r2 can use the following > overlay to patch the kernel agains CVE-2016-5195 until the portage is > updated. But what for? It's easier to use /etc/portage/patches/... and (re)emerge kernel from any line you want.
why don't we stabilize at all?
(In reply to Alice Ferrazzi from comment #2) > affected: > <sys-kernel/gentoo-sources-4.8.3 > <sys-kernel/gentoo-sources-4.7.9 > <sys-kernel/gentoo-sources-4.4.26 Those should be "<=" instead of "<" or perhaps: affected: <sys-kernel/gentoo-sources-4.8.4 <sys-kernel/gentoo-sources-4.7.10 <sys-kernel/gentoo-sources-4.4.27 and for 4.1.X: <sys-kernel/gentoo-sources-4.1.35 which is not yet available.
(In reply to Jerry McDonald from comment #18) > (In reply to Alice Ferrazzi from comment #2) > > affected: > > <sys-kernel/gentoo-sources-4.8.3 > > <sys-kernel/gentoo-sources-4.7.9 > > <sys-kernel/gentoo-sources-4.4.26 > > Those should be "<=" instead of "<" or perhaps: > > affected: > <sys-kernel/gentoo-sources-4.8.4 > <sys-kernel/gentoo-sources-4.7.10 > <sys-kernel/gentoo-sources-4.4.27 > Nevermind - not enough changelog at packages.gentoo.org. Sorry for my confusion.
hardened-sources 4.7.6 is affected.
*** Bug 598076 has been marked as a duplicate of this bug. ***
Please release gentoo-sources-4.1.35
(In reply to Robert R. Richter from comment #22) > Please release gentoo-sources-4.1.35 commit 131f8aef61234ec1fac63a07be2e56d7185d835b Author: Mike Pagano <mpagano@gentoo.org> Date: Fri Oct 28 06:46:08 2016 -0400 sys-kernel/gentoo-sources: Linux patch 4.1.35 Package-Manager: portage-2.3.0
also <sys-kernel/gentoo-sources.3.18.44 is affected
Hello! Could you please tell me kernels 3.10.7-gentoo-r1 and 3.2.6-gentoo are affected? If yes, when they will be fixed? Thanks!!!
(In reply to Vadim from comment #25) > Hello! > > Could you please tell me kernels 3.10.7-gentoo-r1 and 3.2.6-gentoo are > affected? > If yes, when they will be fixed? > Thanks!!! You can use this ansible playbook to check: https://github.com/oleg-fiksel/ansible_CVE-2016-5195_check Or run the exploit manually: https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c --Oleg
(In reply to Vadim from comment #25) > Hello! > > Could you please tell me kernels 3.10.7-gentoo-r1 and 3.2.6-gentoo are > affected? > If yes, when they will be fixed? > Thanks!!! I can tell you that gentoo-sources-3.10.104 is definitely fixed. Yes, it is marked unstable, but we have 3.10.104 (~x86) running on a production server for more than 19 days and NO PROBLEMS at all :-) !
(In reply to bugs-gentoo01 from comment #26) > (In reply to Vadim from comment #25) > > Hello! > > > > Could you please tell me kernels 3.10.7-gentoo-r1 and 3.2.6-gentoo are > > affected? > > If yes, when they will be fixed? > > Thanks!!! > > You can use this ansible playbook to check: > https://github.com/oleg-fiksel/ansible_CVE-2016-5195_check > Or run the exploit manually: > https://github.com/dirtycow/dirtycow.github.io/blob/master/dirtyc0w.c > > --Oleg Thanks for information!!! I've checked and can tell that this kernels are affected too.
(In reply to Robert R. Richter from comment #27) > (In reply to Vadim from comment #25) > > Hello! > > > > Could you please tell me kernels 3.10.7-gentoo-r1 and 3.2.6-gentoo are > > affected? > > If yes, when they will be fixed? > > Thanks!!! > > I can tell you that gentoo-sources-3.10.104 is definitely fixed. > > Yes, it is marked unstable, but we have 3.10.104 (~x86) running on a > production server for more than 19 days and NO PROBLEMS at all :-) ! Thanks! I have a question when fixed kernel 3.10.104 will be stable?
(In reply to Vadim from comment #29) > (In reply to Robert R. Richter from comment #27) > > (In reply to Vadim from comment #25) > > > Hello! > > > > > > Could you please tell me kernels 3.10.7-gentoo-r1 and 3.2.6-gentoo are > > > affected? > > > If yes, when they will be fixed? > > > Thanks!!! > > > > I can tell you that gentoo-sources-3.10.104 is definitely fixed. > > > > Yes, it is marked unstable, but we have 3.10.104 (~x86) running on a > > production server for more than 19 days and NO PROBLEMS at all :-) ! > > Thanks! > > I have a question when fixed kernel 3.10.104 will be stable? I just entered stable req bugs for the rest of the affected gentoo-sources kernels that we carry: sys-kernel/gentoo-sources-3.12.66 sys-kernel/gentoo-sources-3.10.104 sys-kernel/gentoo-sources-3.2.83 sys-kernel/gentoo-sources-3.4.113 bug #599520 bug #599522 bug #599524 bug #599526
Fix in 4.9
