oss-sec mailing list archives
CVE request: kernel: ptrace_attach: fix the usage of ->cred_exec_mutex
From: Eugene Teo <eugene () redhat com>
Date: Mon, 04 May 2009 12:31:02 +0800
This vulnerability was introduced in commit d84f4f99 ("CRED: Inaugurate COW credentials"), and was fixed in commit cad81bc2 ("ptrace: ptrace_attach: fix the usage of ->cred_exec_mutex"). It affects kernel 2.6.29. The patch ensured that both ptrace_attach() and the tracee are serialised by the tracee's cred_exec_mutex. If not, the race can be exploited by calling ptrace(PTRACE_ATTACH) to the task in the middle of exec(setuid_application). This could result in a local privilege escalation. Thanks, Eugene
Current thread:
- CVE request: kernel: ptrace_attach: fix the usage of ->cred_exec_mutex Eugene Teo (May 03)