|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2021-07-20 14:35:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
A local root kernel vulnerability
Commit 8cae8cd89f05 went into the mainline kernel repository on July 19; it puts a limit on the size of buffers allocated in the seq_file mechanism and mentions "int overflow pitfalls". For more information, look to this Qualys advisory describing the vulnerability:
Commit 8cae8cd89f05 went into the mainline kernel repository on July 19; it puts a limit on the size of buffers allocated in the seq_file mechanism and mentions "int overflow pitfalls". For more information, look to this Qualys advisory describing the vulnerability:
We discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer.
It may not sound like much, but they claim to have written exploits for a number of Ubuntu, Debian, and Fedora distributions. Updates from distributors are already flowing, and this patch has been fast-tracked into today's stable kernel updates as well.
