Navigation
Search
|
A local root kernel vulnerability
Tuesday July 20, 2021. 04:35 PM , from LWN.net
Commit 8cae8cd89f05
went into the mainline kernel repository on July 19; it puts a limit on the size of buffers allocated in the seq_file mechanism and mentions 'int overflow pitfalls'. For more information, look to this Qualys advisory describing the vulnerability: We discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string '//deleted' to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. It may not sound like much, but they claim to have written exploits for a number of Ubuntu, Debian, and Fedora distributions. Updates from distributors are already flowing, and this patch has been fast-tracked into today's stable kernel updates as well.
https://lwn.net/Articles/863586/rss
|
25 sources
Current Date
May, Sun 5 - 14:31 CEST
|