[UBUNTU oem-5.14, jammy, oem-5.17, kinetic, oem-6.0, unstable 0/2] CVE-2022-4378
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Mon Dec 12 21:05:45 UTC 2022
[Impact]
Unprivileged user could cause stack overflow when writing too many
whitespaces on a sysctl file. Using user/network namespaces make it possible
for unprivileged users.
[Testing]
A simple script was used to test it. The fix worked on the tested 5.14, 5.15,
5.19 and 6.1 kernels.
[Potential regression]
Writing to sysctl files may fail or parse incorrectly.
Linus Torvalds (2):
proc: proc_skip_spaces() shouldn't think it is working on C strings
proc: avoid integer type confusion in get_proc_long
kernel/sysctl.c | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list