oss-sec mailing list archives

Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions

From: David Hildenbrand <david () redhat com>
Date: Mon, 8 Aug 2022 17:58:17 +0200

On 08.08.22 09:18, David Hildenbrand wrote:

Hi,

I found a security issue (CVE-2022-2590) in the Linux kernel similar to
Dirty COW (CVE-2016-5195), however, restricted to shared memory (shmem /
tmpfs). I notified distributions one week ago and the embargo ended today.


I forgot to add an important part: Nadav Amit raised [1] that the dirty
bit is possibly problematic and essentially participated to the
discovery of this security issue.

s/I found/Nadav and I found/

Credit where credit is due.

[1] https://lore.kernel.org/all/20220619233449.181323-4-namit () vmware com/

-- 
Thanks,

David / dhildenb

Current thread:

CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions David Hildenbrand (Aug 08)
- Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions Solar Designer (Aug 08)
- Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions David Hildenbrand (Aug 08)
- Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions Demi Marie Obenour (Aug 08)
  - Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions David Hildenbrand (Aug 09)
- Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions David Hildenbrand (Aug 15)