Bug 1070264 – VUL-0: CVE-2017-17053: kernel-source: The init_new_context function in arch/x86/include/asm/mmu_context.h inthe Linux kernel before 4.12.10 does not correctly handle errors fromLDT table allocation when forking a new process, allowing a l

Bug 1070264 - (CVE-2017-17053) VUL-0: CVE-2017-17053: kernel-source: The init_new_context function in arch/x86/include/asm/mmu_context.h inthe Linux kernel before 4.12.10 does not correctly handle errors fromLDT table allocation when forking a new process, allowing a l

(CVE-2017-17053)
Summary:	VUL-0: CVE-2017-17053: kernel-source: The init_new_context function in arch/x...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/195761/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-11-29 07:10 UTC by Marcus Meissner
Modified:	2018-06-08 09:49 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2017-11-29 07:10:21 UTC

CVE-2017-17053

The init_new_context function in arch/x86/include/asm/mmu_context.h in
the Linux kernel before 4.12.10 does not correctly handle errors from
LDT table allocation when forking a new process, allowing a local
attacker to achieve a use-after-free or possibly have unspecified other
impact by running a specially crafted program. This vulnerability only
affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17053

Comment 1 Marcus Meissner 2017-11-29 07:11:47 UTC

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc

Fixes: 39a0526fb3f7

seems to point to 4.6+

Comment 3 Michal Hocko 2017-11-29 09:27:29 UTC

Could you have a look Boris?

Comment 4 Borislav Petkov 2018-02-02 16:13:44 UTC

master: not needed since a4828f81037f ("x86/ldt: Prevent LDT inheritance on exec") in 4.15 rewrote that part.

Comment 8 Marcus Meissner 2018-03-14 07:52:11 UTC

done

Comment 9 Marcus Meissner 2018-06-08 09:24:59 UTC

see bug 1055963

Comment 13 Marcus Meissner 2018-06-08 09:49:25 UTC

resolved via bug 1055963. livepatch bug opened.