oss-sec mailing list archives
Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver)
From: Timothy Michaud <tmm08a () acu edu>
Date: Wed, 23 Jan 2019 14:28:51 -0600
NOTE: I have requested a CVE identifier, and I'm sending this message, to make tracking of the fix easier; however, to avoid missing security fixes without CVE identifiers, you should *NOT* be cherry-picking a specific patch in response to a notification about a kernel security bug. Due to a lack of "access_ok()" checks in i915_gem_execbuffer2_ioctl[1], it is possible to escalate privileges similar to the waitid vulnerability[2] This is CVE-2018-20669 [1] - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=594cc251fdd0d231d342d88b2fdff4bc42fb0690 [2] - https://salls.github.io/Linux-Kernel-CVE-2017-5123/
Current thread:
- Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver) Timothy Michaud (Jan 23)
- Re: Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver) Yves-Alexis Perez (Jan 24)
- <Possible follow-ups>
- Re: Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver) Ben Hutchings (Feb 07)
- Re: Linux Kernel: Missing access_ok() checks in IOCTL function (gpu/drm/i915 Driver) Timothy Michaud (Feb 07)