← Back to team overview

kernel-packages team mailing list archive

  1. kernel-packages team
  2. Mailing list archive
  3. Message #69945

[Bug 1337339] Re: x86_64, ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)

  Thread PreviousDate PreviousThread Next 
** Information type changed from Private Security to Public Security

** No longer affects: linux-armadaxp (Ubuntu)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-armadaxp in Ubuntu.
https://bugs.launchpad.net/bugs/1337339

Title:
  x86_64,ptrace: Enforce RIP <= TASK_SIZE_MAX (CVE-2014-4699)

Status in “linux” package in Ubuntu:
  New
Status in “linux-armadaxp” package in Ubuntu:
  New
Status in “linux-ec2” package in Ubuntu:
  Invalid
Status in “linux-lowlatency” package in Ubuntu:
  Invalid
Status in “linux-lts-quantal” package in Ubuntu:
  Invalid
Status in “linux-lts-raring” package in Ubuntu:
  Invalid
Status in “linux-lts-saucy” package in Ubuntu:
  Invalid
Status in “linux-lts-trusty” package in Ubuntu:
  Invalid
Status in “linux” source package in Lucid:
  New
Status in “linux-ec2” source package in Lucid:
  New
Status in “linux” source package in Precise:
  New
Status in “linux-lowlatency” source package in Precise:
  New
Status in “linux-lts-quantal” source package in Precise:
  New
Status in “linux-lts-raring” source package in Precise:
  New
Status in “linux-lts-saucy” source package in Precise:
  New
Status in “linux-lts-trusty” source package in Precise:
  New
Status in “linux” source package in Saucy:
  New
Status in “linux-lowlatency” source package in Saucy:
  New
Status in “linux” source package in Trusty:
  New
Status in “linux” source package in Utopic:
  New

Bug description:
  This CVE has an embargo of July 8

  
  Don't allow ptrace to set RIP to a value that couldn't happen by
  ordinary control flow. There are CPU bugs^Wfeatures that can have
  interesting effects if RIP is non-canonical.

  I didn't make the corresponding x86_32 change, since x86_32 has no
  concept of canonical addresses.

  putreg32 doesn't need this fix: value is only 32 bits, so it can't
  be non-canonical.

  Fixes CVE-2014-4699.  There are arguably still bugs here, but this
  fixes the major issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1337339/+subscriptions
  Thread PreviousDate PreviousThread Next