lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20230731164237.48365-1-lersek@redhat.com>
Date:   Mon, 31 Jul 2023 18:42:35 +0200
From:   Laszlo Ersek <lersek@...hat.com>
To:     linux-kernel@...r.kernel.org, lersek@...hat.com
Cc:     Eric Dumazet <edumazet@...gle.com>,
        Lorenzo Colitti <lorenzo@...gle.com>,
        Paolo Abeni <pabeni@...hat.com>,
        Pietro Borrello <borrello@...g.uniroma1.it>,
        netdev@...r.kernel.org, stable@...r.kernel.org
Subject: [PATCH 0/2] tun/tap: set sk_uid from current_fsuid()

The original patches fixing CVE-2023-1076 are incorrect in my opinion.
This small series fixes them up; see the individual commit messages for
explanation.

I have a very elaborate test procedure demonstrating the problem for
both tun and tap; it involves libvirt, qemu, and "crash". I can share
that procedure if necessary, but it's indeed quite long (I wrote it
originally for our QE team).

The patches in this series are supposed to "re-fix" CVE-2023-1076; given
that said CVE is classified as Low Impact (CVSSv3=5.5), I'm posting this
publicly, and not suggesting any embargo. Red Hat Product Security may
assign a new CVE number later.

I've tested the patches on top of v6.5-rc4, with "crash" built at commit
c74f375e0ef7.

Cc: Eric Dumazet <edumazet@...gle.com>
Cc: Lorenzo Colitti <lorenzo@...gle.com>
Cc: Paolo Abeni <pabeni@...hat.com>
Cc: Pietro Borrello <borrello@...g.uniroma1.it>
Cc: netdev@...r.kernel.org
Cc: stable@...r.kernel.org

Laszlo Ersek (2):
  net: tun_chr_open(): set sk_uid from current_fsuid()
  net: tap_open(): set sk_uid from current_fsuid()

 drivers/net/tap.c | 2 +-
 drivers/net/tun.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)


base-commit: 5d0c230f1de8c7515b6567d9afba1f196fb4e2f4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ