oss-sec mailing list archives
Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042)
From: Vladis Dronov <vdronov () redhat com>
Date: Thu, 13 Oct 2016 10:25:46 -0400 (EDT)
Hello, David, Could you, please, tell, if you plan to submit that patch of yours to be merged upstream? Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer ----- Original Message ----- From: "Greg KH" <greg () kroah com> To: oss-security () lists openwall com Sent: Thursday, October 13, 2016 2:57:17 PM Subject: Re: [oss-security] kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) On Thu, Oct 13, 2016 at 08:46:51AM -0400, Vladis Dronov wrote:
Hello, It was found that when gcc stack protector is turned on, proc_keys_show() can cause a panic in the Linux kernel due to the stack corruption. This happens because xbuf[] is not big enough to hold a 64-bit timeout value rendered as weeks. CVE-2016-7042 was assigned to this flaw internally by the Red Hat. Please, use it in the public communications regarding this flaw. References: https://bugzilla.redhat.com/show_bug.cgi?id=1373966 (patch) https://bugzilla.redhat.com/show_bug.cgi?id=1373499 (reproducer, patch) Note: Unfortunately, I'm not sure if the patch was already sent to security () kernel org or alike by the patch author.
Nope, I don't think that security () kernel org was sent the patch, but if the maintainer of the subsytem already knows about it (it looks like he wrote the patch), then there was no need to let that alias know about it, right? Any idea if this is going to be submitted to be merged upstream? thanks, greg k-h
Current thread:
- kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Vladis Dronov (Oct 13)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Greg KH (Oct 13)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Vladis Dronov (Oct 13)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) John Haxby (Oct 13)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) P J P (Oct 13)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) John Haxby (Oct 14)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Petr Matousek (Oct 14)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Petr Matousek (Oct 14)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) John Haxby (Oct 14)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) P J P (Oct 13)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Greg KH (Oct 13)