group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1847189] [NEW] Bad posix clock speculation mitigation backport

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Tyler Hicks <tyhicks@xxxxxxxxxxxxx>
Date: Tue, 08 Oct 2019 06:00:28 -0000
Reply-to: Bug 1847189 <1847189@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

Public security bug reported:

[Impact]

Vitaly Nikolenko pointed out that syscall(__NR_clock_gettime, 10, 0) can
be used to perform a denial of service (system crash) or possibly
execute arbitrary code in the Ubuntu Xenial kernel:

  https://twitter.com/vnik5287/status/1180666151216435200

[Test Case]

Execute the following test program and verify that it prints out
"clock_gettime: Invalid argument" rather than triggering a NULL pointer
dereference and stack trace in the kernel logs.

==========
#include <stdio.h>
#include <time.h>

int main(void)
{
        int rc = clock_gettime(10, 0);

        if (rc < 0)
                perror("clock_gettime");

        return rc;
}
==========

[Regression Potential]

Low. The fix is easy to review and fixes a denial of service issue
that's trivial to trigger.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Invalid

** Affects: linux (Ubuntu Xenial)
     Importance: Medium
     Assignee: Tyler Hicks (tyhicks)
         Status: In Progress

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Xenial)
       Status: New => In Progress

** Changed in: linux (Ubuntu Xenial)
     Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: linux (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: linux (Ubuntu)
       Status: In Progress => Invalid

** Changed in: linux (Ubuntu)
     Assignee: Tyler Hicks (tyhicks) => (unassigned)

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1847189

Title:
  Bad posix clock speculation mitigation backport

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  In Progress

Bug description:
  [Impact]

  Vitaly Nikolenko pointed out that syscall(__NR_clock_gettime, 10, 0)
  can be used to perform a denial of service (system crash) or possibly
  execute arbitrary code in the Ubuntu Xenial kernel:

    https://twitter.com/vnik5287/status/1180666151216435200

  [Test Case]

  Execute the following test program and verify that it prints out
  "clock_gettime: Invalid argument" rather than triggering a NULL
  pointer dereference and stack trace in the kernel logs.

  ==========
  #include <stdio.h>
  #include <time.h>

  int main(void)
  {
          int rc = clock_gettime(10, 0);

          if (rc < 0)
                  perror("clock_gettime");

          return rc;
  }
  ==========

  [Regression Potential]

  Low. The fix is easy to review and fixes a denial of service issue
  that's trivial to trigger.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1847189/+subscriptions

Follow ups

[Bug 1847189] Re: Bad posix clock speculation mitigation backport
From: Launchpad Bug Tracker, 2019-11-12