This bug was fixed in the package linux - 3.2.0-115.157

---------------
linux (3.2.0-115.157) precise; urgency=low

  [ Seth Forshee ]

  * Release Tracking Bug
    - LP: #1636537

  * CVE-2016-5195
    - Revert "UBUNTU:SAUCE: mm: remove gup_flags FOLL_WRITE games from __get_user_pages()"
    - mm, gup: close FOLL MAP_PRIVATE race

linux (3.2.0-114.156) precise; urgency=low

  [ Seth Forshee ]

  * Release Tracking Bug
    - LP: #1635436

  * proc_keys_show crash when reading /proc/keys (LP: #1634496)
    - SAUCE: KEYS: ensure xbuf is large enough to fix buffer overflow in
      proc_keys_show (LP: #1634496)

  * CVE-2016-7117
    - net: Fix use after free in the recvmmsg exit path

  * CVE-2015-7833
    - usbvision: revert commit 588afcc1

 -- Seth Forshee <seth.fors...@canonical.com>  Tue, 25 Oct 2016 09:58:32 -0500

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1634496

Title:
  proc_keys_show crash when reading /proc/keys

Status in Linux:
  Unknown
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Precise:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Vivid:
  Fix Committed
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Yakkety:
  Fix Committed

Bug description:
  Running stress-ng /proc test trips the following crash:

  [ 5315.044206] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff8956b1ae
  [ 5315.044206]
  [ 5315.044883] CPU: 0 PID: 4820 Comm: Tainted: P OE 4.8.0-25-generic #27-Ubuntu
  [ 5315.045361] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu2 04/01/2014
  [ 5315.045911] 0000000000000086 00000000b337622b ffff8fe574f37c78 ffffffff8962f5d2
  [ 5315.046371] 00000000b3405b00 ffffffff89e83530 ffff8fe574f37d00 ffffffff8939e71c
  [ 5315.046841] ffff8fe500000010 ffff8fe574f37d10 ffff8fe574f37ca8 00000000b337622b
  [ 5315.047305] Call Trace:
  [ 5315.047457] [<ffffffff8962f5d2>] dump_stack+0x63/0x81
  [ 5315.047763] [<ffffffff8939e71c>] panic+0xe4/0x226
  [ 5315.048049] [<ffffffff8956b1ae>] ? proc_keys_show+0x3ce/0x3d0
  [ 5315.048398] [<ffffffff89282b89>] __stack_chk_fail+0x19/0x30
  [ 5315.048735] [<ffffffff8956b1ae>] proc_keys_show+0x3ce/0x3d0
  [ 5315.049072] [<ffffffff895686b0>] ? key_validate+0x50/0x50
  [ 5315.049396] [<ffffffff89565d70>] ? key_default_cmp+0x20/0x20
  [ 5315.049737] [<ffffffff89459832>] seq_read+0x102/0x3c0
  [ 5315.050042] [<ffffffff894a6302>] proc_reg_read+0x42/0x70
  [ 5315.050363] [<ffffffff89432448>] __vfs_read+0x18/0x40
  [ 5315.050674] [<ffffffff89432ba6>] vfs_read+0x96/0x130
  [ 5315.050977] [<ffffffff89434085>] SyS_read+0x55/0xc0
  [ 5315.051275] [<ffffffff89a9f076>] entry_SYSCALL_64_fastpath+0x1e/0xa8
  [ 5315.051735] Kernel Offset: 0x8200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
  [ 5315.052563] ---[ end Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff8956b1ae
  [ 5315.052563]

  "The proc_keys_show function in security/keys/proc.c in the Linux
  kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack
  protector is enabled, uses an incorrect buffer size for certain
  timeout data, which allows local users to cause a denial of service
  (stack memory corruption and panic) by reading the /proc/keys file."

  Fix detailed in:
  https://bugzilla.redhat.com/show_bug.cgi?id=1373966

  see:
  https://bugzilla.redhat.com/attachment.cgi?id=1200212&action=diff
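
The buffer-sizing problem named in the bug description, as an added C example that is not code from the kernel or from this bug report: a bounded formatter for a timeout string, with the buffer size derived from the largest 64-bit input rather than a typical one. The function names, the s/m/h/d/w unit scheme and the 12-byte buffer size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MINUTE 60ULL
#define HOUR   (60 * MINUTE)
#define DAY    (24 * HOUR)
#define WEEK   (7 * DAY)

/* Hypothetical helper: render a remaining time in seconds as "<n><unit>".
 * The s/m/h/d/w unit scheme is an assumption for illustration.
 * Bounded like snprintf: never writes more than len bytes and returns the
 * length the full string needs (excluding the NUL). */
static int fmt_timeout(char *buf, size_t len, uint64_t secs)
{
    unsigned long long v = secs;

    if (v < MINUTE) return snprintf(buf, len, "%llus", v);
    if (v < HOUR)   return snprintf(buf, len, "%llum", v / MINUTE);
    if (v < DAY)    return snprintf(buf, len, "%lluh", v / HOUR);
    if (v < WEEK)   return snprintf(buf, len, "%llud", v / DAY);
    return snprintf(buf, len, "%lluw", v / WEEK);
}

/* Size the buffer from the largest representable input, not a typical one.
 * A zero-length snprintf only measures; nothing is written. */
static size_t worst_case_size(void)
{
    return (size_t)fmt_timeout(NULL, 0, UINT64_MAX) + 1; /* +1 for NUL */
}

/* 1 if the rendered value (plus NUL) fits in len bytes, else 0. An unbounded
 * sprintf into a len-byte stack buffer would overrun it in the 0 case. */
static int fits(size_t len, uint64_t secs)
{
    int need = fmt_timeout(NULL, 0, secs);
    return need >= 0 && (size_t)need < len;
}

int main(void)
{
    /* 12 is a constructed "looks big enough" size, not taken from the page. */
    printf("worst-case bytes needed: %zu\n", worst_case_size());
    printf("1 day in 12 bytes:       %d\n", fits(12, DAY));
    printf("UINT64_MAX in 12 bytes:  %d\n", fits(12, UINT64_MAX));
    return 0;
}
```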