Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
BUG: 64-bit argument comparisons do not work correctly (CVE-2019-9893) #139
Jann has done some searching/investigation using https://codesearch.debian.net and it would appear that only systemd and Tor appear to be using libseccomp in such a way as to trigger the bad code. In the case of systemd this appears to affect the socket address family and scheduling class filters. In the case of Tor it appears that the bad filters could impact the memory addresses passed to mprotect(2).
While I have verified the bug exists in libseccomp, I have not verified the implications to systemd, Tor, or any other applications/libraries.
referenced this issue
Mar 15, 2019
pushed a commit
Mar 20, 2019
Adjusting the subject line to reference CVE-2019-9893