Date: Sat, 7 May 2016 06:22:32 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Cc: Doug Ledford <dledford@...hat.com>, Red Hat Security Response Team <secalert@...hat.com>, Ben Hutchings <benh@...ian.org> Subject: CVE Request: Linux: IB/security: Restrict use of the write() interface' Hi Jann Horn reported an issue in the infiniband stack. It has been fixed in v4.6-rc6 with commit e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3: https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3 > IB/security: Restrict use of the write() interface > The drivers/infiniband stack uses write() as a replacement for > bi-directional ioctl(). This is not safe. There are ways to > trigger write calls that result in the return structure that > is normally written to user space being shunted off to user > specified kernel memory instead. > > For the immediate repair, detect and deny suspicious accesses to > the write API. > > For long term, update the user space libraries and the kernel API > to something that doesn't present the same security vulnerabilities > (likely a structured ioctl() interface). > > The impacted uAPI interfaces are generally only available if > hardware from drivers/infiniband is installed in the system. Could you assign a CVE for this issue? I'm just to avoid possible duplication as well Cc'ing Red Hat's secalert, since the commit was signed off by Doug Ledford <dledford@...hat.com>. Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ