[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230731164237.48365-1-lersek@redhat.com>
Date: Mon, 31 Jul 2023 18:42:35 +0200
From: Laszlo Ersek <lersek@...hat.com>
To: linux-kernel@...r.kernel.org, lersek@...hat.com
Cc: Eric Dumazet <edumazet@...gle.com>,
Lorenzo Colitti <lorenzo@...gle.com>,
Paolo Abeni <pabeni@...hat.com>,
Pietro Borrello <borrello@...g.uniroma1.it>,
netdev@...r.kernel.org, stable@...r.kernel.org
Subject: [PATCH 0/2] tun/tap: set sk_uid from current_fsuid()
The original patches fixing CVE-2023-1076 are incorrect in my opinion.
This small series fixes them up; see the individual commit messages for
explanation.
I have a very elaborate test procedure demonstrating the problem for
both tun and tap; it involves libvirt, qemu, and "crash". I can share
that procedure if necessary, but it's indeed quite long (I wrote it
originally for our QE team).
The patches in this series are supposed to "re-fix" CVE-2023-1076; given
that said CVE is classified as Low Impact (CVSSv3=5.5), I'm posting this
publicly, and not suggesting any embargo. Red Hat Product Security may
assign a new CVE number later.
I've tested the patches on top of v6.5-rc4, with "crash" built at commit
c74f375e0ef7.
Cc: Eric Dumazet <edumazet@...gle.com>
Cc: Lorenzo Colitti <lorenzo@...gle.com>
Cc: Paolo Abeni <pabeni@...hat.com>
Cc: Pietro Borrello <borrello@...g.uniroma1.it>
Cc: netdev@...r.kernel.org
Cc: stable@...r.kernel.org
Laszlo Ersek (2):
net: tun_chr_open(): set sk_uid from current_fsuid()
net: tap_open(): set sk_uid from current_fsuid()
drivers/net/tap.c | 2 +-
drivers/net/tun.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
base-commit: 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4
Powered by blists - more mailing lists