2015-04-08 00:00:46 |
Daniel J Blueman |
bug |
|
|
added bug |
2015-04-08 00:01:19 |
Daniel J Blueman |
information type |
Private Security |
Public |
|
2015-04-08 03:38:54 |
Daniel J Blueman |
attachment added |
|
debdiff with upstream fix https://bugs.launchpad.net/ubuntu/+source/numactl/+bug/1441388/+attachment/4369005/+files/numactl_2.0.9%7Erc5-1ubuntu4.debdiff |
|
2015-04-08 04:18:09 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2015-04-08 04:18:15 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
2015-04-10 11:14:03 |
Daniel Holbach |
numactl (Ubuntu): status |
New |
Fix Committed |
|
2015-04-10 11:27:23 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/vivid-proposed/numactl |
|
2015-04-10 12:02:49 |
Launchpad Janitor |
numactl (Ubuntu): status |
Fix Committed |
Fix Released |
|
2015-04-10 12:22:34 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/numactl |
|
2015-05-21 22:36:29 |
Serge Hallyn |
nominated for series |
|
Ubuntu Utopic |
|
2015-05-21 22:36:29 |
Serge Hallyn |
bug task added |
|
numactl (Ubuntu Utopic) |
|
2015-05-21 22:36:29 |
Serge Hallyn |
nominated for series |
|
Ubuntu Trusty |
|
2015-05-21 22:36:29 |
Serge Hallyn |
bug task added |
|
numactl (Ubuntu Trusty) |
|
2015-05-21 22:37:00 |
Serge Hallyn |
numactl (Ubuntu): importance |
Undecided |
High |
|
2015-05-21 22:37:03 |
Serge Hallyn |
numactl (Ubuntu Trusty): importance |
Undecided |
High |
|
2015-05-21 22:37:06 |
Serge Hallyn |
numactl (Ubuntu Utopic): importance |
Undecided |
High |
|
2015-05-21 22:38:36 |
Serge Hallyn |
description |
numactl sometimes crashes when enumerating hardware:
root@node1:~# numactl --hardware
available: 648 nodes (0-647)
Segmentation fault
Further analysis shows that libnuma is using an uninitialised pointer, which value depends on program layout. When layout is sufficiently different, the pointer is non-NULL and the library parses the data pointed to as a bitmap, crashing.
Therefore, it is possible to leverage this in an exploit.
I have fixed the issue upstream:
https://github.com/numactl/numactl/commit/6a7c2cf3f00e32082a1ada300cc585740e2b4bbd |
===============================================================
SRU Justification
Impact: program crashes, may be exploitable
Test case: "numactl --hardware" on a large system
Regression potential: this patch only makes sure that a bitmask is in bss to initialize to 0.
===============================================================
numactl sometimes crashes when enumerating hardware:
root@node1:~# numactl --hardware
available: 648 nodes (0-647)
Segmentation fault
Further analysis shows that libnuma is using an uninitialised pointer, which value depends on program layout. When layout is sufficiently different, the pointer is non-NULL and the library parses the data pointed to as a bitmap, crashing.
Therefore, it is possible to leverage this in an exploit.
I have fixed the issue upstream:
https://github.com/numactl/numactl/commit/6a7c2cf3f00e32082a1ada300cc585740e2b4bbd |
|
2015-05-21 22:38:44 |
Serge Hallyn |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2015-06-03 14:38:47 |
Chris J Arges |
numactl (Ubuntu Trusty): status |
New |
Fix Committed |
|
2015-06-03 14:38:52 |
Chris J Arges |
bug |
|
|
added subscriber SRU Verification |
2015-06-03 14:38:56 |
Chris J Arges |
tags |
patch |
patch verification-needed |
|
2015-06-03 14:39:28 |
Chris J Arges |
removed subscriber Ubuntu Sponsors Team |
|
|
|
2015-06-03 14:40:11 |
Chris J Arges |
numactl (Ubuntu Utopic): status |
New |
Fix Committed |
|
2015-06-10 18:24:22 |
Chris J Arges |
tags |
patch verification-needed |
patch verification-done |
|
2015-06-10 18:24:33 |
Launchpad Janitor |
numactl (Ubuntu Utopic): status |
Fix Committed |
Fix Released |
|
2015-06-10 18:24:38 |
Chris J Arges |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2015-06-10 18:24:52 |
Launchpad Janitor |
numactl (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2015-06-23 01:29:50 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-proposed/numactl |
|
2015-06-23 01:29:52 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/utopic-proposed/numactl |
|