Bug 1196134 (CVE-2022-25265)

Summary:	VUL-1: CVE-2022-25265: kernel-source-azure,kernel-source,kernel-source-rt: Executable Space Protection Bypass
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Robert Frohl <rfrohl>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	RESOLVED INVALID	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	meissner, mhocko, smash_bz
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/324010/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Robert Frohl 2022-02-18 09:07:11 UTC

rh#2055499

In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.

https://github.com/torvalds/linux/blob/1c33bb0507508af24fd754dd7123bd8e997fab2f/arch/x86/include/asm/elf.h#L281-L294
https://github.com/x0reaxeax/exec-prot-bypass

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2055499
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25265
https://github.com/x0reaxeax/exec-prot-bypass
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25265
https://github.com/torvalds/linux/blob/1c33bb0507508af24fd754dd7123bd8e997fab2f/arch/x86/include/asm/elf.h#L281-L294
http://www.cvedetails.com/cve/CVE-2022-25265/

Comment 4 Robert Frohl 2022-02-18 11:20:39 UTC

verified that this does not affect any of the binaries we build currently. I think it is safe to close as invalid.

Comment 5 Marcus Meissner 2022-02-18 12:39:28 UTC

this seems to be really a non-issue... 

while we are not blocking this binaries, we do not have any and if someone can inject binaries he can just inject a normal one.