oss-sec mailing list archives

Re: Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver)

From: Yves-Alexis Perez <corsac () debian org>
Date: Thu, 24 Jan 2019 10:30:28 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Wed, 2019-01-23 at 14:28 -0600, Timothy Michaud wrote:

NOTE: I have requested a CVE identifier, and I'm sending this message, to
make tracking of the fix easier; however, to avoid missing security fixes
without CVE identifiers, you should *NOT* be cherry-picking a specific
patch in response to a notification about a kernel security bug.

Due to a lack of "access_ok()" checks in i915_gem_execbuffer2_ioctl[1], it
is possible to escalate privileges similar to the waitid vulnerability[2]


Hi, thanks for the report.

The patch doesn't seem CC: stable, could you give us a status on the various
stable releases?

Regards,
- -- 
Yves-Alexis
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlxJhbQACgkQ3rYcyPpX
RFsNSwf/WQH9UPK9YIFBdu47hZUKOr2tRkFosjnyEecG8HsBxI1191fXsZcGgeJk
YVzL+oWvlvQcTajPnbBLPU6qey9ZFz8AdNkXGSKXnejaPpn9LvkJntT086s6lX1i
dWSgDbhAX0PT2UO1I1k4GJ5KA8SxEIzPnqq2moB8WjcIIWuqFEFJIjYkL36Wovhp
/rKIBZGMX25zxKHzCckGYcski/KKFpgqbqbyQ2jLydht3nHczlhGP/lTa/DVr8IN
YH//6ayr0Kml/G9X8ZIV1ciu+UKQGFAVwrXNAmugNmy6tZwRVDezvP2+JfWZNAG/
bjhyac/xqmS/VquQjKKgyTQPoPBUkg==
=Xt1Y
-----END PGP SIGNATURE-----

Current thread:

Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver) Timothy Michaud (Jan 23)
- Re: Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver) Yves-Alexis Perez (Jan 24)
- <Possible follow-ups>
- Re: Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver) Ben Hutchings (Feb 07)
  - Re: Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver) Timothy Michaud (Feb 07)