BUG: 64-bit argument comparisons do not work correctly (CVE-2019-9893) #139
Comments
pcmoore
changed the title
|
Jann has done some searching/investigation using https://codesearch.debian.net and it would appear that only systemd and Tor appear to be using libseccomp in such a way as to trigger the bad code. In the case of systemd this appears to affect the socket address family and scheduling class filters. In the case of Tor it appears that the bad filters could impact the memory addresses passed to mprotect(2). While I have verified the bug exists in libseccomp, I have not verified the implications to systemd, Tor, or any other applications/libraries. |
|
This problem is fixed with commit c5bf78d, although commit cf5d153 is strongly recommended as it fixes some filter performance degradation in the fix. From a testing perspective, commits 2878b8b, 3da42d7, b29eda9 both take the fix into account and help ensure we test for this bug in future releases. |
pcmoore
changed the title
|
Adjusting the subject line to reference CVE-2019-9893 |
Source: meta-security MR: 00000 Type: Integration Disposition: Merged from meta-security ChangeID: eae5224 Description: Update the syscall table for Linux v5.0-rc5. also a security releated issue; seccomp/libseccomp#139 Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Update the syscall table for Linux v5.0-rc5. also a security releated issue; seccomp/libseccomp#139 Signed-off-by: Armin Kuster <akuster808@gmail.com>
Update the syscall table for Linux v5.0-rc5. also a security releated issue; seccomp/libseccomp#139 Signed-off-by: Armin Kuster <akuster808@gmail.com>
Jann Horn reported a problem with libseccomp where our approach to doing 64-bit comparisons using 32-bit operators was just plain wrong, leading to a number of potential problems with filters that used the LT, GT, LE, or GE operators.
The text was updated successfully, but these errors were encountered: