oss-sec mailing list archives
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function
From: Daniel Micay <danielmicay () gmail com>
Date: Tue, 30 May 2017 10:29:32 -0400
init=/bin/bash -- arguments for bash running as real root If a memory corruption bug via a kernel line option is a vulnerability, so is this. It's a vulnerability in the verified boot implementation if there's attacker control over the kernel line to this extent. Even if we're going to treat memory corruption specially, you can corrupt memory simply via crazy configuration on the kernel command line... that is parsed properly, but then breaks at runtime. You can also happily disable features like rodata to make your life easier, since... you control the kernel line. I can't understand what kind of threat model considers these valid CVEs.
Current thread:
- Linux kernel: stack buffer overflow with controlled payload in get_options() function Ilya Matveychikov (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Simon McVittie (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Simon McVittie (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Kurt Seifried (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Solar Designer (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (Jun 03)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (Jun 03)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (Jun 03)