Linux ptrace bug (CVE-2014-4699)
Bug #1340038 reported by Pavel Chekin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mirantis OpenStack | Fix Committed | High | Alexei Sheplyakov | 
Bug Description
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
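As an added example (not part of the bug report or of the kernel's own code), the canonical-address rule the description relies on, worked in C; the 48-bit address width and the sample RIP values are assumptions chosen for illustration:

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not from the bug report.  A 64-bit value is a canonical
 * x86-64 virtual address when the bits above the implemented width are all
 * copies of the top implemented bit: with 48 address bits (assumed here),
 * bits 63..47 must be all 0 or all 1.  SYSRET raises #GP when the return
 * RIP is non-canonical, and on Intel parts that fault is taken while still
 * in ring 0 with the user stack pointer already loaded, which is the hazard
 * behind CVE-2014-4699; the IRET path handles the same bad RIP safely,
 * which is why the fix forces IRET after a ptrace stop. */
bool is_canonical_va(uint64_t addr, unsigned va_bits)
{
    /* Mask covering bits 63..(va_bits - 1); canonical iff they are uniform. */
    uint64_t high_mask = ~UINT64_C(0) << (va_bits - 1);
    uint64_t high = addr & high_mask;
    return high == 0 || high == high_mask;
}

/* A saved user RIP may take the SYSRET fast path only when canonical;
 * anything else has to return through IRET. */
bool sysret_fast_path_safe(uint64_t saved_rip)
{
    return is_canonical_va(saved_rip, 48);
}

int main(void)
{
    /* Constructed sample values on both sides of the canonical boundary. */
    const uint64_t samples[] = {
        0x00007fffffffffffULL, /* top of the user half: canonical */
        0x0000800000000000ULL, /* first non-canonical value */
        0xffff800000000000ULL, /* start of the kernel half: canonical */
        0x00000000deadbeefULL, /* ordinary low user address: canonical */
        0xdead000000000000ULL, /* non-canonical */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%#018llx canonical=%d sysret_ok=%d\n",
               (unsigned long long)samples[i],
               is_canonical_va(samples[i], 48),
               sysret_fast_path_safe(samples[i]));
    return 0;
}
```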
CVE References: CVE-2014-4699
Changed in mos:
assignee: MOS Linux (mos-linux) → Alexei Sheplyakov (asheplyakov)
importance: Undecided → High
status: New → Confirmed
milestone: none → 6.0
tags: added: cve

Changed in mos:
status: Confirmed → Fix Committed
The issue has been fixed in upstream version 3.10.48 (to be more specific, commit 8c6fa0a671dc12ee3dd658dafbd1d4a7fec2250d "ptrace,x86: force IRET path after a ptrace_stop()").
The Ubuntu team has released a fix for 2.6.32 (see https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1337339, http://archive.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.32-64.127.diff.gz), but there's no official update for CentOS 6.5/RHEL 6.
Should we wait for one, or can we pick the fix from Ubuntu (which is basically equivalent to commit 8c6fa0a671dc12ee3dd658dafbd1d4a7fec2250d)?