group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1634496] Re: proc_keys_show crash when reading /proc/keys

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1634496@xxxxxxxxxxxxxxxxxx>
Date: Wed, 09 Nov 2016 15:48:09 -0000
Reply-to: Bug 1634496 <1634496@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package linux - 3.2.0-115.157

---------------
linux (3.2.0-115.157) precise; urgency=low

  [ Seth Forshee ]

  * Release Tracking Bug
    - LP: #1636537

  * CVE-2016-5195
    - Revert "UBUNTU:SAUCE: mm: remove gup_flags FOLL_WRITE games from
      __get_user_pages()"
    - mm, gup: close FOLL MAP_PRIVATE race

linux (3.2.0-114.156) precise; urgency=low

  [ Seth Forshee ]

  * Release Tracking Bug
    - LP: #1635436

  * proc_keys_show crash when reading /proc/keys (LP: #1634496)
    - SAUCE: KEYS: ensure xbuf is large enough to fix buffer overflow in
      proc_keys_show (LP: #1634496)

  * CVE-2016-7117
    - net: Fix use after free in the recvmmsg exit path

  * CVE-2015-7833
    - usbvision: revert commit 588afcc1

 -- Seth Forshee <seth.forshee@xxxxxxxxxxxxx>  Tue, 25 Oct 2016 09:58:32
-0500

** Changed in: linux (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7833

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5195

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-7117

** Changed in: linux (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1634496

Title:
  proc_keys_show crash when reading /proc/keys

Status in Linux:
  Unknown
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Precise:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Vivid:
  Fix Committed
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Yakkety:
  Fix Committed

Bug description:
  Running stress-ng /proc test trips the following crash:

  [ 5315.044206] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff8956b1ae
  [ 5315.044206] 
  [ 5315.044883] CPU: 0 PID: 4820 Comm:  Tainted: P           OE   4.8.0-25-generic #27-Ubuntu
  [ 5315.045361] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu2 04/01/2014
  [ 5315.045911]  0000000000000086 00000000b337622b ffff8fe574f37c78 ffffffff8962f5d2
  [ 5315.046371]  00000000b3405b00 ffffffff89e83530 ffff8fe574f37d00 ffffffff8939e71c
  [ 5315.046841]  ffff8fe500000010 ffff8fe574f37d10 ffff8fe574f37ca8 00000000b337622b
  [ 5315.047305] Call Trace:
  [ 5315.047457]  [<ffffffff8962f5d2>] dump_stack+0x63/0x81
  [ 5315.047763]  [<ffffffff8939e71c>] panic+0xe4/0x226
  [ 5315.048049]  [<ffffffff8956b1ae>] ? proc_keys_show+0x3ce/0x3d0
  [ 5315.048398]  [<ffffffff89282b89>] __stack_chk_fail+0x19/0x30
  [ 5315.048735]  [<ffffffff8956b1ae>] proc_keys_show+0x3ce/0x3d0
  [ 5315.049072]  [<ffffffff895686b0>] ? key_validate+0x50/0x50
  [ 5315.049396]  [<ffffffff89565d70>] ? key_default_cmp+0x20/0x20
  [ 5315.049737]  [<ffffffff89459832>] seq_read+0x102/0x3c0
  [ 5315.050042]  [<ffffffff894a6302>] proc_reg_read+0x42/0x70
  [ 5315.050363]  [<ffffffff89432448>] __vfs_read+0x18/0x40
  [ 5315.050674]  [<ffffffff89432ba6>] vfs_read+0x96/0x130
  [ 5315.050977]  [<ffffffff89434085>] SyS_read+0x55/0xc0
  [ 5315.051275]  [<ffffffff89a9f076>] entry_SYSCALL_64_fastpath+0x1e/0xa8
  [ 5315.051735] Kernel Offset: 0x8200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
  [ 5315.052563] ---[ end Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff8956b1ae
  [ 5315.052563] 

  "The proc_keys_show function in security/keys/proc.c in the Linux
  kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack
  protector is enabled, uses an incorrect buffer size for certain
  timeout data, which allows local users to cause a denial of service
  (stack memory corruption and panic) by reading the /proc/keys file."

  Fix detailed in: https://bugzilla.redhat.com/show_bug.cgi?id=1373966
  see: https://bugzilla.redhat.com/attachment.cgi?id=1200212&action=diff

To manage notifications about this bug go to:
https://bugs.launchpad.net/linux/+bug/1634496/+subscriptions