06-09-2011, 12:58 PM
Stefan Bader

tty: icount changeover for other main devices

On 07.06.2011 18:13, Andy Whitcroft wrote:
> CVE-2010-4076
> The rs_ioctl function in drivers/char/amiserial.c in the Linux
> kernel 2.6.36.1 and earlier does not properly initialize a certain
> structure member, which allows local users to obtain potentially
> sensitive information from kernel stack memory via a TIOCGICOUNT
> ioctl call.
>
> CVE-2010-4077
> The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in
> the Linux kernel 2.6.36.1 and earlier does not properly initialize
> a certain structure member, which allows local users to obtain
> potentially sensitive information from kernel stack memory via
> a TIOCGICOUNT ioctl call.
>
> The above two CVEs were thought fixed by upstream commit below (also the fix
> for CVE-2010-4075):
>
> commit d281da7ff6f70efca0553c288bb883e8605b3862
> Author: Alan Cox <alan@linux.intel.com>
> Date: Thu Sep 16 18:21:24 2010 +0100
>
> tty: Make tiocgicount a handler
>
> However until the drivers themselves are converted by a follow up commit
> they do not make use of the new functionality. This is done for all the
> main drivers in the following commit:
>
> commit 0587102cf9f427c185bfdeb2cef41e13ee0264b1
> Author: Alan Cox <alan@linux.intel.com>
> Date: Thu Sep 16 18:21:52 2010 +0100
>
> tty: icount changeover for other main devices
>
> This commit is already applied for Natty and later arriving via
> mainline. Following this email are patches for Hardy, Lucid,
> Lucid/fsl-imx51, and Maverick.
>
> NOTE: these are all backports with conflicts, are huge, and therefore
> deserve some real review before application.
>
> -apw
>

All backports seem to follow the same pattern of replacing an ioctl function
that copies stuff to userspace with a callback filling the provided struct.
The only one sticking out would be the nozomi one, as it does not seem to do the
lock, snapshot, unlock sequence other drivers do. But this is the same upstream.

Acked-by: Stefan Bader <stefan.bader@canonical.com>

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
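
A user-space C model of the pattern described in the review above, added here as an illustration and not taken from the patches or the kernel: an ioctl that fills a local struct and copies it out, beside a common handler that hands a zeroed struct to a driver callback. The struct layouts, the `reserved` member, the function names and the zeroing step are assumptions of this model; a marker byte stands in for stale stack contents.

```c
#include <string.h>

#define STALE 0xA5  /* constructed marker for leftover stack bytes */

/* Hypothetical model of a counter struct with a reserved tail. */
struct icount { int rx, tx, frame, overrun; int reserved[4]; };
struct port   { int rx, tx, frame, overrun; };  /* driver's counters */

/* Old pattern: the ioctl fills only the named members of its local struct
 * ('ic' models that stack slot) and copies the whole struct out. */
static void old_ioctl(const struct port *p, struct icount *ic, void *user)
{
    ic->rx = p->rx;       ic->tx = p->tx;
    ic->frame = p->frame; ic->overrun = p->overrun;
    memcpy(user, ic, sizeof(*ic));      /* stands in for copy_to_user() */
}

/* New pattern: the driver callback only fills the struct it is handed. */
static int drv_get_icount(const struct port *p, struct icount *ic)
{
    ic->rx = p->rx;       ic->tx = p->tx;
    ic->frame = p->frame; ic->overrun = p->overrun;
    return 0;
}

/* The common handler owns the struct: zero, call the driver, copy out. */
static int core_tiocgicount(const struct port *p, struct icount *ic, void *user)
{
    memset(ic, 0, sizeof(*ic));
    if (drv_get_icount(p, ic) != 0)
        return -1;
    memcpy(user, ic, sizeof(*ic));
    return 0;
}

/* Count the STALE bytes that reach the caller after one path has run. */
static size_t stale_bytes_returned(int hardened)
{
    struct port port = { 10, 20, 1, 2 };  /* constructed sample */
    struct icount ic;
    unsigned char user[sizeof(ic)] = { 0 };
    size_t i, n = 0;
    memset(&ic, STALE, sizeof(ic));     /* stale stack contents */
    if (hardened) core_tiocgicount(&port, &ic, user);
    else          old_ioctl(&port, &ic, user);
    for (i = 0; i < sizeof(user); i++) n += (user[i] == STALE);
    return n;
}

int main(void) { return stale_bytes_returned(1) != 0; }
```

In the old path every byte of the unfilled member reaches the caller's buffer; in the handler path none does, whichever members the driver callback leaves untouched.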
 
06-09-2011, 03:30 PM
Tim Gardner

tty: icount changeover for other main devices

On 06/07/2011 10:13 AM, Andy Whitcroft wrote:

> CVE-2010-4076
> The rs_ioctl function in drivers/char/amiserial.c in the Linux
> kernel 2.6.36.1 and earlier does not properly initialize a certain
> structure member, which allows local users to obtain potentially
> sensitive information from kernel stack memory via a TIOCGICOUNT
> ioctl call.
>
> CVE-2010-4077
> The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in
> the Linux kernel 2.6.36.1 and earlier does not properly initialize
> a certain structure member, which allows local users to obtain
> potentially sensitive information from kernel stack memory via
> a TIOCGICOUNT ioctl call.
>
> The above two CVEs were thought fixed by upstream commit below (also the fix
> for CVE-2010-4075):
>
> commit d281da7ff6f70efca0553c288bb883e8605b3862
> Author: Alan Cox <alan@linux.intel.com>
> Date: Thu Sep 16 18:21:24 2010 +0100
>
> tty: Make tiocgicount a handler
>
> However until the drivers themselves are converted by a follow up commit
> they do not make use of the new functionality. This is done for all the
> main drivers in the following commit:
>
> commit 0587102cf9f427c185bfdeb2cef41e13ee0264b1
> Author: Alan Cox <alan@linux.intel.com>
> Date: Thu Sep 16 18:21:52 2010 +0100
>
> tty: icount changeover for other main devices
>
> This commit is already applied for Natty and later arriving via
> mainline. Following this email are patches for Hardy, Lucid,
> Lucid/fsl-imx51, and Maverick.
>
> NOTE: these are all backports with conflicts, are huge, and therefore
> deserve some real review before application.
>
> -apw



Acked-by: Tim Gardner <tim.gardner@canonical.com>

--
Tim Gardner tim.gardner@canonical.com
