Date: Fri, 16 Nov 2018 00:38:18 +0100 From: Jann Horn <jannh@...gle.com> To: oss-security@...ts.openwall.com Subject: Linux kernel: broken uid/gid mapping for nested user namespaces with >5 ranges (CVE-2018-18955; since 4.15; fixed in 4.18.19 and 4.19.2) NOTE: I have requested a CVE identifier, and I'm sending this message, to make tracking of the fix easier; however, to avoid missing security fixes without CVE identifiers, you should *NOT* be cherry-picking a specific patch in response to a notification about a kernel security bug. In Linux kernel versions since 4.15, map_write() in kernel/user_namespace.c handles nested user namespaces with more than 5 UID or GID ranges incorrectly. This can allow a user who has CAP_SYS_ADMIN in a user namespace which maps at least 6 UIDs or GIDs to bypass access controls on resources outside the namespace. This is CVE-2018-18955. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.19 https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.2 https://bugs.chromium.org/p/project-zero/issues/detail?id=1712
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.