]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
projects / mirror_ubuntu-bionic-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d32b9e7) | patch
pktcdvd: Fix possible Spectre-v1 for pkt_devs
authorJinbum Park <jinb.park7@gmail.com>
Sat, 28 Jul 2018 04:20:44 +0000 (13:20 +0900)
committerStefan Bader <stefan.bader@canonical.com>
Wed, 24 Apr 2019 08:09:07 +0000 (10:09 +0200)
commitf2ddb34ac2deb8f4b64e61f3685fe91e25dfe3d8
tree4433668444f8a886244326389a76613477fccb7atree
parentd32b9e71dd57ecc19ffbbf2b6b1fe308ab5c523bcommit | diff
pktcdvd: Fix possible Spectre-v1 for pkt_devs

User controls @dev_minor which to be used as index of pkt_devs.
So, It can be exploited via Spectre-like attack. (speculative execution)

This kind of attack leaks address of pkt_devs, [1]
It leads an attacker to bypass security mechanism such as KASLR.

So sanitize @dev_minor before using it to prevent attack.

[1] https://github.com/jinb-park/linux-exploit/
tree/master/exploit-remaining-spectre-gadget/leak_pkt_devs.c

Signed-off-by: Jinbum Park <jinb.park7@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
CVE-2017-5753

(cherry picked from commit 55690c07b44a82cc3359ce0c233f4ba7d80ba145)
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
drivers/block/pktcdvd.c diff | blob | blame | history
ubuntu-bionic-kernel mirror