Bug 678484 (CVE-2019-8912) - <sys-kernel/gentoo-sources-{4.4.176,4.9.160,4.14.103,4.19.25}: Linux Kernel 'crypto/af_alg.c' Use After Free Arbitrary Code Execution Vulnerability
Status: IN_PROGRESS
Alias: CVE-2019-8912
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
URL:
Whiteboard: stable?
Keywords:
Depends on: 679558
Blocks:
Reported: 2019-02-21 09:36 UTC by aa
Modified: 2019-03-05 23:24 UTC

See Also:
Package list:
Runtime testing required: ---


Description aa 2019-02-21 09:36:40 UTC
In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

https://www.securityfocus.com/bid/107063
Comment 1 Nils Freydank 2019-02-23 10:01:49 UTC
Hi,

today updates were pushed by upstream that contain the fix[1]:

4.14.103: 6e4c01ee785c2192fcc4be234cedde3706309a7e
4.19.25: eb5e6869125f69dd28513f92992d97ec62bb9773
4.20.12: cc5cb5c0d03d9a990dd6d40dce5a5cf96de8e81e

5.0-r7 seems to be still affected; this shouldn't matter as 5.0 or RC8 might be released within the next days (based on the typical "release cycle").

Kernels prior to 4.10 might be unaffected according to a German news magazine[2].

With the fix applied the file crypto/af_alg.c must contain inside the
function af_alg_release() the additional line

sock->sk = NULL;

(plus the corresponding curly brackets).

[1] The fix is inside the commit with the summary "net: crypto set sk to NULL when af_alg_release." respectively 5.0 commit 9060cb719e61b685ec0102574e10337fa5f445ea.

[2] https://heise.de/-4315290
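
The source check described in Comment 1, as an added example that is not part of the bug report or of Gentoo's tooling: it extracts the body of af_alg_release() from crypto/af_alg.c and reports whether the `sock->sk = NULL;` assignment is inside it. The function names are hypothetical, and the two sample trees are constructed stand-ins written from the comment's description of the fix.

```shell
# Added example (not from the bug report): check a kernel source tree for the
# CVE-2019-8912 fix, i.e. "sock->sk = NULL;" inside af_alg_release().

# Print the body of af_alg_release() from a C file. Assumes kernel coding
# style: definition starts in column 0 and ends at the first "}" in column 0.
af_alg_release_body() {
    awk '
        /^[A-Za-z_].*af_alg_release[ \t]*\(/ && !/;[ \t]*$/ { infn = 1 }
        infn { print }
        infn && /^}/ { exit }
    ' "$1"
}

# Exit status: 0 = fix present, 1 = fix missing, 2 = cannot tell.
check_af_alg_fix() {
    src="$1/crypto/af_alg.c"
    [ -r "$src" ] || { echo "unknown: $src not readable"; return 2; }
    body=$(af_alg_release_body "$src")
    [ -n "$body" ] || { echo "unknown: af_alg_release() not found in $src"; return 2; }
    if printf '%s\n' "$body" | grep -Eq 'sock->sk[[:space:]]*=[[:space:]]*NULL[[:space:]]*;'; then
        echo "fix present: $src"; return 0
    fi
    echo "fix MISSING: $src"; return 1
}

# Constructed stand-in for crypto/af_alg.c (hypothetical helper, demo only).
# $2 = "fixed" writes the patched function, anything else the unpatched one.
make_sample_tree() {
    mkdir -p "$1/crypto"
    {
        printf 'int af_alg_release(struct socket *sock)\n{\n'
        if [ "$2" = fixed ]; then
            printf '\tif (sock->sk) {\n\t\tsock_put(sock->sk);\n\t\tsock->sk = NULL;\n\t}\n'
        else
            printf '\tif (sock->sk)\n\t\tsock_put(sock->sk);\n'
        fi
        printf '\treturn 0;\n}\nEXPORT_SYMBOL_GPL(af_alg_release);\n'
        # Decoy: the same assignment outside the function must not count.
        printf 'static void decoy(struct socket *sock)\n{\n\tsock->sk = NULL;\n}\n'
    } > "$1/crypto/af_alg.c"
}

demo=$(mktemp -d)
make_sample_tree "$demo/patched" fixed
make_sample_tree "$demo/unpatched" unfixed
check_af_alg_fix "$demo/patched" || true
check_af_alg_fix "$demo/unpatched" || true
rm -rf "$demo"
```

To check an installed tree, call `check_af_alg_fix /usr/src/linux` (the usual Gentoo kernel source symlink). This only tests the sources, so a running kernel built from an older tree still needs a rebuild and reboot.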
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2019-02-24 18:37:37 UTC
Stable candidates committed in:
sys-kernel/gentoo-sources-4.19.25:  1cc8f57d0e255e49d454aa2e10ed635100a9a2b9
sys-kernel/gentoo-sources-4.14.103: 5910e16d0838d7b37f75321a6b488a0ca5fbc807
sys-kernel/gentoo-sources-4.9.160:  ffd70cc88542c25db5b0328d619c720ba0c49c15
sys-kernel/gentoo-sources-4.4.176:  efc2e58391a39331474b32aca3955f2c639f4aa7

awaiting stabilization