This bug was fixed in the package linux - 4.8.0-27.29
---------------
linux (4.8.0-27.29) yakkety; urgency=low
[ Seth Forshee ]
* Release Tracking Bug
- LP: #1635377
* proc_keys_show crash when reading /proc/keys (LP: #1634496)
- SAUCE: KEYS: ensure xbuf is large enough to fix buffer overflow in
proc_keys_show (LP: #1634496)
* Revert "If zone is so small that watermarks are the same, stop zone balance"
in yakkety (LP: #1632894)
- Revert "UBUNTU: SAUCE: (no-up) If zone is so small that watermarks are the
same, stop zone balance."
* lts-yakkety 4.8 cannot mount lvm raid1 (LP: #1631298)
- SAUCE: (no-up) dm raid: fix compat_features validation
* kswapd0 100% CPU usage (LP: #1518457)
- SAUCE: (no-up) If zone is so small that watermarks are the same, stop zone
balance.
* [Trusty->Yakkety] powerpc/64: Fix incorrect return value from
__copy_tofrom_user (LP: #1632462)
- SAUCE: (no-up) powerpc/64: Fix incorrect return value from
__copy_tofrom_user
* Ubuntu 16.10: Oops panic in move_page_tables/page_remove_rmap after running
memory_stress_ng. (LP: #1628976)
- SAUCE: (no-up) powerpc/pseries: Fix stack corruption in htpe code
* Paths not failed properly when unmapping virtual FC ports in VIOS (using
ibmvfc) (LP: #1632116)
- scsi: ibmvfc: Fix I/O hang when port is not mapped
* [Ubuntu16.10]KV4.8: kernel livepatch config options are not set
(LP: #1626983)
- [Config] Enable live patching on powerpc/ppc64el
* CONFIG_AUFS_XATTR is not set (LP: #1557776)
- [Config] CONFIG_AUFS_XATTR=y
* Yakkety update to 4.8.1 stable release (LP: #1632445)
- arm64: debug: avoid resetting stepping state machine when TIF_SINGLESTEP
- Using BUG_ON() as an assert() is _never_ acceptable
- usb: misc: legousbtower: Fix NULL pointer deference
- Staging: fbtft: Fix bug in fbtft-core
- usb: usbip: vudc: fix left shift overflow
- USB: serial: cp210x: Add ID for a Juniper console
- Revert "usbtmc: convert to devm_kzalloc"
- ALSA: hda - Adding one more ALC255 pin definition for headset problem
- ALSA: hda - Fix headset mic detection problem for several Dell laptops
- ALSA: hda - Add the top speaker pin config for HP Spectre x360
- Linux 4.8.1
* PSL data cache should be flushed before resetting CAPI adapter
(LP: #1632049)
- cxl: Flush PSL cache before resetting the adapter
* thunder nic: avoid link delays due to RX_PACKET_DIS (LP: #1630038)
- net: thunderx: Don't set RX_PACKET_DIS while initializing
* crypto/vmx/p8_ghash memory corruption (LP: #1630970)
- crypto: ghash-generic - move common definitions to a new header file
- crypto: vmx - Fix memory corruption caused by p8_ghash
- crypto: vmx - Ensure ghash-generic is enabled
* arm64: SPCR console not autodetected (LP: #1630311)
- of/serial: move earlycon early_param handling to serial
- [Config] CONFIG_ACPI_SPCR_TABLE=y
- ACPI: parse SPCR and enable matching console
- ARM64: ACPI: enable ACPI_SPCR_TABLE
- serial: pl011: add console matching function
* include/linux/security.h header syntax error with !CONFIG_SECURITYFS
(LP: #1630990)
- SAUCE: (no-up) include/linux/security.h -- fix syntax error with
CONFIG_SECURITYFS=n
* sha1-powerpc returning wrong results (LP: #1629977)
- crypto: sha1-powerpc - little-endian support
-- Seth Forshee <seth.fors...@canonical.com> Thu, 20 Oct 2016 14:09:37
-0500
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1634496
Title:
proc_keys_show crash when reading /proc/keys
Status in Linux:
Unknown
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Precise:
Fix Released
Status in linux source package in Trusty:
Fix Released
Status in linux source package in Vivid:
Fix Released
Status in linux source package in Xenial:
Fix Released
Status in linux source package in Yakkety:
Fix Released
Bug description:
Running stress-ng /proc test trips the following crash:
[ 5315.044206] Kernel panic - not syncing: stack-protector: Kernel stack is
corrupted in: ffffffff8956b1ae
[ 5315.044206]
[ 5315.044883] CPU: 0 PID: 4820 Comm: Tainted: P OE
4.8.0-25-generic #27-Ubuntu
[ 5315.045361] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
Ubuntu-1.8.2-1ubuntu2 04/01/2014
[ 5315.045911] 0000000000000086 00000000b337622b ffff8fe574f37c78
ffffffff8962f5d2
[ 5315.046371] 00000000b3405b00 ffffffff89e83530 ffff8fe574f37d00
ffffffff8939e71c
[ 5315.046841] ffff8fe500000010 ffff8fe574f37d10 ffff8fe574f37ca8
00000000b337622b
[ 5315.047305] Call Trace:
[ 5315.047457] [<ffffffff8962f5d2>] dump_stack+0x63/0x81
[ 5315.047763] [<ffffffff8939e71c>] panic+0xe4/0x226
[ 5315.048049] [<ffffffff8956b1ae>] ? proc_keys_show+0x3ce/0x3d0
[ 5315.048398] [<ffffffff89282b89>] __stack_chk_fail+0x19/0x30
[ 5315.048735] [<ffffffff8956b1ae>] proc_keys_show+0x3ce/0x3d0
[ 5315.049072] [<ffffffff895686b0>] ? key_validate+0x50/0x50
[ 5315.049396] [<ffffffff89565d70>] ? key_default_cmp+0x20/0x20
[ 5315.049737] [<ffffffff89459832>] seq_read+0x102/0x3c0
[ 5315.050042] [<ffffffff894a6302>] proc_reg_read+0x42/0x70
[ 5315.050363] [<ffffffff89432448>] __vfs_read+0x18/0x40
[ 5315.050674] [<ffffffff89432ba6>] vfs_read+0x96/0x130
[ 5315.050977] [<ffffffff89434085>] SyS_read+0x55/0xc0
[ 5315.051275] [<ffffffff89a9f076>] entry_SYSCALL_64_fastpath+0x1e/0xa8
[ 5315.051735] Kernel Offset: 0x8200000 from 0xffffffff81000000 (relocation
range: 0xffffffff80000000-0xffffffffbfffffff)
[ 5315.052563] ---[ end Kernel panic - not syncing: stack-protector: Kernel
stack is corrupted in: ffffffff8956b1ae
[ 5315.052563]
"The proc_keys_show function in security/keys/proc.c in the Linux
kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack
protector is enabled, uses an incorrect buffer size for certain
timeout data, which allows local users to cause a denial of service
(stack memory corruption and panic) by reading the /proc/keys file."
Fix detailed in: https://bugzilla.redhat.com/show_bug.cgi?id=1373966
see: https://bugzilla.redhat.com/attachment.cgi?id=1200212&action=diff
To manage notifications about this bug go to:
https://bugs.launchpad.net/linux/+bug/1634496/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
