Linux Kernel Through 4.20.10 Found Vulnerable to Arbitrary Code Execution

312 points by robin0, over 6 years ago

16 comments

ebiggers, over 6 years ago
AFAICS, this was exposed by the addition of sockfs_setattr() in v4.10. So it's incorrect to claim that kernels older than that are vulnerable, even though the code being fixed was older.

Also, note that there may not actually be a proof-of-concept exploit yet, beyond a reproducer causing a KASAN splat. When people request a CVE for a use-after-free bug they usually just assume that code execution may be possible. (Exploits can be very creative.)
sargun, over 6 years ago
How does this use-after-free turn into an arbitrary code execution vuln? I don't see any jmp to the pointer?
ptrincr, over 6 years ago
Looks like this is the fix:
https://github.com/torvalds/linux/commit/9060cb719e61b685ec0102574e10337fa5f445ea
shereadsthenews, over 6 years ago
FYI there has not ever been a Linux kernel that lacks an exploit available to, at least, local users. There is every reason to believe that the current kernel contains at least one such flaw.
blattimwind, over 6 years ago
Better link: https://nvd.nist.gov/vuln/detail/CVE-2019-8912
pmoriarty, over 6 years ago
Where is crypto/af_alg.c actually used? In what use cases does this vulnerability come into play?
cmurf, over 6 years ago
I'm not seeing the patch in 4.20.11's changelog or any of the longterm kernel versions posted today.
saagarjha, over 6 years ago
Hooray for KASAN!
uvesten, over 6 years ago
Is this a remote exploit? The NIST page seems to say so.
birbie, over 6 years ago
I haven't seen any POC exploits at all yet. Will be looking around this weekend.
jaboutboul, over 6 years ago
Can someone please explain how exactly this is ACE?
skyde, over 6 years ago
Is it something using a safer language like Rust would have prevented?
SilasX, over 6 years ago
I really shouldn't comment on Linux kernel development, given my lack of knowledge, but since this is a use-after-free vuln, doesn't that strengthen the case for moving to memory safe languages?
EthanHeilman, over 6 years ago
Is this patched or is everything vulnerable?
Fnoord, over 6 years ago
Found by Huawei engineer Mao Wenan.
broknbottle, over 6 years ago
Ahh, looks like they have updated the page to include 4.20.11. I was gonna say, after checking the source, both the latest and mainline are affected.