[PATCH 0/1][SRU][X] Bad posix clock speculation mitigation backport (LP: #1847189)
Tyler Hicks
tyhicks at canonical.com
Tue Oct 8 06:10:14 UTC 2019
BugLink: https://launchpad.net/bugs/1847189
[Impact]
Vitaly Nikolenko pointed out that syscall(__NR_clock_gettime, 10, 0) can
be used to perform a denial of service (system crash) or possibly
execute arbitrary code in the Ubuntu Xenial kernel:
https://twitter.com/vnik5287/status/1180666151216435200
[Test Case]
Execute the following test program and verify that it prints out
"clock_gettime: Invalid argument" rather than triggering a NULL pointer
dereference and stack trace in the kernel logs.
==========
#include <stdio.h>
#include <time.h>
int main(void)
{
int rc = clock_gettime(10, 0);
if (rc < 0)
perror("clock_gettime");
return rc;
}
==========
[Regression Potential]
Low. The fix is easy to review and fixes a denial of service issue
that's trivial to trigger.
Tyler
Tyler Hicks (1):
UBUNTU: SAUCE: Fix posix clock speculation mitigation backport
kernel/time/posix-timers.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--
2.17.1
More information about the kernel-team
mailing list