Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 7 May 2016 06:22:32 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: Doug Ledford <dledford@...hat.com>,
	Red Hat Security Response Team <secalert@...hat.com>,
	Ben Hutchings <benh@...ian.org>
Subject: CVE Request: Linux: IB/security: Restrict use of the write()
 interface'

Hi

Jann Horn reported an issue in the infiniband stack. It has been fixed
in v4.6-rc6 with commit e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3:

https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3

> IB/security: Restrict use of the write() interface
> The drivers/infiniband stack uses write() as a replacement for
> bi-directional ioctl().  This is not safe. There are ways to
> trigger write calls that result in the return structure that
> is normally written to user space being shunted off to user
> specified kernel memory instead.
> 
> For the immediate repair, detect and deny suspicious accesses to
> the write API.
> 
> For long term, update the user space libraries and the kernel API
> to something that doesn't present the same security vulnerabilities
> (likely a structured ioctl() interface).
> 
> The impacted uAPI interfaces are generally only available if
> hardware from drivers/infiniband is installed in the system.

Could you assign a CVE for this issue?

I'm just to avoid possible duplication as well Cc'ing Red Hat's
secalert, since the commit was signed off by Doug Ledford
<dledford@...hat.com>.

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ