[yocto-security] FW: Linux kernel: use after free in keyring facility.

Bruce Ashfield bruce.ashfield at windriver.com
Thu Jan 21 05:28:34 PST 2016


And I pushed patches to all the linux-yocto* kernels last night,
if anyone needs the fix and is using those kernels.

Bruce

On 2016-01-21 2:28 AM, Sona Sarmadi wrote:
> FYI,
>
> More info:
> http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
> http://www.theregister.co.uk/2016/01/19/linux_kernel_keyrings_get_privilege_escalation_patch/
>
> //Sona
>> -----Original Message-----
>> From: Wade Mealing [mailto:wmealing at redhat.com]
>> Sent: den 19 januari 2016 12:59
>> To: OSS Security List <oss-security at lists.openwall.com>
>> Subject: [oss-security] Linux kernel: use after free in keyring facility.
>>
>> Gday,
>>
>> It was reported that a possible use-after-free vulnerability in the keyring
>> facility, possibly leading to local privilege escalation, was found. The
>> function join_session_keyring in security/keys/process_keys.c holds a
>> reference to the requested keyring, but if that keyring is the same as the
>> one being currently used by the process, the kernel wouldn't decrease
>> keyring->usage before returning to userspace. The usage field can be
>> overflowed causing use-after-free on the keyring object.
>>
>> This was introduced in commit
>> 3a50597de8635cd05133bd12c95681c82fe7b878.
>>
>> Perception point reported this vulnerability to Red Hat and it has been
>> assigned CVE-2016-0728.
>>
>> Red Hat Bugzilla flaw:
>>   https://bugzilla.redhat.com/show_bug.cgi?id=1297475
>>
>> Investigation:
>>   http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
>>
>> Patches will be available shortly with the upstream fix and are also
>> explained in the investigation link above.
>
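
A userspace model of the reference imbalance described in the advisory quoted above, added here as an illustration; it is not kernel code and not from any of the posters. All function and struct names are hypothetical, and the counter is narrowed to 8 bits (a constructed simplification) so the wrap is reached after 255 leaked references.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model only: hypothetical names; usage is 8-bit here so it wraps quickly. */
struct keyring { uint8_t usage; bool freed; };
typedef void (*join_fn)(struct keyring **session, struct keyring *requested);

static void key_get(struct keyring *k) { k->usage++; }
static void key_put(struct keyring *k) { if (--k->usage == 0) k->freed = true; }

/* A lookup hands back the keyring with one extra reference held. */
static struct keyring *find_keyring(struct keyring *k) { key_get(k); return k; }

/* Flawed shape: the "already my session keyring" path returns without
 * dropping the reference the lookup took. */
static void join_buggy(struct keyring **session, struct keyring *requested) {
    struct keyring *k = find_keyring(requested);
    if (k == *session)
        return;                 /* leaked reference */
    key_put(*session);
    *session = k;               /* lookup reference is now owned by the session */
}

/* Corrected shape: every exit path balances the lookup's reference. */
static void join_fixed(struct keyring **session, struct keyring *requested) {
    struct keyring *k = find_keyring(requested);
    if (k == *session) { key_put(k); return; }
    key_put(*session);
    *session = k;
}

/* Join the current session keyring n times and return the resulting count.
 * Then model one balanced get/put by another user of the object and report
 * whether that put freed the keyring while the session still points at it. */
static uint8_t run(join_fn join, int n, bool *freed_in_use) {
    struct keyring ring = { .usage = 1, .freed = false };
    struct keyring *session = &ring;
    for (int i = 0; i < n; i++) join(&session, &ring);
    uint8_t seen = ring.usage;
    key_get(&ring); key_put(&ring);
    *freed_in_use = ring.freed && session == &ring;
    return seen;
}

int main(void) {
    bool uaf;
    unsigned n = run(join_buggy, 255, &uaf);
    printf("buggy: usage=%u freed_while_in_use=%d\n", n, uaf);
    n = run(join_fixed, 255, &uaf);
    printf("fixed: usage=%u freed_while_in_use=%d\n", n, uaf);
    return 0;
}
```

For triage, the point of the model is that a steadily climbing reference count on an object that is never released is the observable symptom of this class of bug, well before any wrap occurs.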
