lscpu possible crash in min/max frequency
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
util-linux (Ubuntu) | Fix Released | High | Unassigned |
Xenial | Fix Released | High | Unassigned |
Artful | Fix Released | High | Unassigned |
Bionic | Fix Released | High | Unassigned |
Bug Description
[Impact]
lscpu prior to 2.32 does not correctly check for NULL members in min/max CPU frequency arrays and can call atof() on them, leading to crashes. It seems that's what caused the verification to fail for bug 1732865. The following fixes have been committed upstream:
from 2.30: https:/
from 2.32: https:/
I plan to backport them to xenial (both patches); and artful, bionic (second patch, they are > 2.30).
[Regression potential]
The worst possible regression is that lscpu would fail to correctly report min/max frequencies, but it seems unlikely, as we're only adding checks against null pointers / moving an atof into a loop.
[Test case]
Extract attached segvtest.tar.gz and run lscpu -s segvtest and check that it does not crash (this removes min mhz file for cpu #0 for testing).
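
The failure mode described in this report, as an added illustration that is not part of the original report and is not util-linux code: an unchecked pattern that seeds the result with atof() on element 0 before the loop, next to a form that converts inside the loop and only for non-NULL entries. The function names and the sample array are assumptions made up for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample: per-CPU frequency strings; entry 0 is NULL, as when
 * the frequency file for CPU #0 is missing (the report's test case). */
static const char *sample_mhz[] = { NULL, "800.0000", "1200.0000", "800.0000" };

/* Defective pattern (hypothetical name): the result is seeded from element 0
 * before the loop, with no NULL check. atof(NULL) is undefined behaviour and
 * usually a segfault. Shown for comparison only; never called here. */
double min_mhz_unchecked(const char **mhz, size_t n)
{
	double lowest = atof(mhz[0]);

	for (size_t i = 1; i < n; i++)
		if (atof(mhz[i]) < lowest)
			lowest = atof(mhz[i]);
	return lowest;
}

/* Checked form (hypothetical name): conversion happens inside the loop and
 * only for non-NULL entries. Returns how many CPUs supplied a value; *lo and
 * *hi are written only when that count is non-zero. */
size_t mhz_range(const char **mhz, size_t n, double *lo, double *hi)
{
	size_t seen = 0;

	for (size_t i = 0; mhz && i < n; i++) {
		if (!mhz[i])
			continue;	/* no data for this CPU: skip, do not convert */
		double f = atof(mhz[i]);
		if (seen == 0 || f < *lo)
			*lo = f;
		if (seen == 0 || f > *hi)
			*hi = f;
		seen++;
	}
	return seen;
}

int main(void)
{
	double lo = 0.0, hi = 0.0;

	if (mhz_range(sample_mhz, 4, &lo, &hi))
		printf("min %.4f MHz, max %.4f MHz\n", lo, hi);
	else
		puts("no frequency data");
	return 0;
}
```

A return value of 0 lets the caller omit the min/max lines when no CPU supplied a frequency, rather than printing a default.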
Changed in util-linux (Ubuntu Xenial):
status: New → Triaged
Changed in util-linux (Ubuntu Artful):
status: New → Triaged
Changed in util-linux (Ubuntu Bionic):
status: New → Incomplete
status: Incomplete → Triaged
Changed in util-linux (Ubuntu):
importance: Undecided → Critical
importance: Critical → High
Changed in util-linux (Ubuntu Xenial):
importance: Undecided → High
Changed in util-linux (Ubuntu Artful):
importance: Undecided → High
Changed in util-linux (Ubuntu Bionic):
importance: Undecided → High
description: updated
tags: added: id-5a2eb607f4872474ec5e0a80
Merged 2.32, should be building and hitting proposed soon.