oss-sec mailing list archives

[vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ


From: John Johansen <john.johansen () canonical com>
Date: Fri, 10 Jun 2016 14:46:23 -0700

This is a forward notification of a local priv escalation flaw from
security () kernel org to the OSS security list. The CRD was for
2016-06-08 14:00:00 UTC. Patches attached to the email.

The flaw in eCryptfs was assigned CVE-2016-1583.

If backporting these patches to kernels pre 4.6 you may need to
cherry-pick patch 6a480a7842545ec520a91730209ec0bae41694c1

Attachment: 2of3.patch

Attachment: crasher.tar

Attachment: 1of3.patch

Attachment: 3of3.patch

Attachment: signature.asc
Description: OpenPGP digital signature

