oss-sec mailing list archives
CVE Request -- kernel: compat: SIOCGSTAMP/SIOCGSTAMPNS incorrect order of arguments to compat_put_time[val|spec]
From: Petr Matousek <pmatouse () redhat com>
Date: Thu, 4 Oct 2012 00:08:56 +0200
Description of the problem: Commit 644595f89620 ("compat: Handle COMPAT_USE_64BIT_TIME in net/socket.c") introduced a bug where the helper functions to take either a 64-bit or compat time[spec|val] got the arguments in the wrong order, passing the kernel stack pointer off as a user pointer (and vice versa). On architectures that use separate address spaces for userspace and kernel (for example PA-RISC), an unprivileged local user can crash the system or read kernel memory. Introduced in: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=644595f89620 Upstream fix: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=ed6fe9d614f Acknowledgements: This issue was discovered by Mikulas Patocka of Red Hat. Thanks, -- Petr Matousek / Red Hat Security Response Team
Current thread:
- CVE Request -- kernel: compat: SIOCGSTAMP/SIOCGSTAMPNS incorrect order of arguments to compat_put_time[val|spec] Petr Matousek (Oct 03)