[D/E/F][SRU] Fix for CVE-2019-19072


[D/E/F][SRU] Fix for CVE-2019-19072

Connor Kuehl
https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-19072

From the link above:

    "A memory leak in the predicate_parse() function in
    kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11
    allows attackers to cause a denial of service (memory consumption), aka
    CID-96c5c6e6a5b6."

Clean cherry pick.

It looks like Unstable already has this patch.

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

[D/E/F][SRU][PATCH] tracing: Have error path in predicate_parse() free its allocated memory

Connor Kuehl
From: Navid Emamdoost <[hidden email]>

CVE-2019-19072

In predicate_parse, there is an error path that is not going to
out_free; instead it returns directly, which leads to a memory leak.

Link: http://lkml.kernel.org/r/20190920225800.3870-1-navid.emamdoost@...

Signed-off-by: Navid Emamdoost <[hidden email]>
Signed-off-by: Steven Rostedt (VMware) <[hidden email]>
(cherry picked from commit 96c5c6e6a5b6db592acae039fed54b5c8844cd35)
Signed-off-by: Connor Kuehl <[hidden email]>
---
 kernel/trace/trace_events_filter.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
index c773b8fb270c..c9a74f82b14a 100644
--- a/kernel/trace/trace_events_filter.c
+++ b/kernel/trace/trace_events_filter.c
@@ -452,8 +452,10 @@ predicate_parse(const char *str, int nr_parens, int nr_preds,
 
  switch (*next) {
  case '(': /* #2 */
- if (top - op_stack > nr_parens)
- return ERR_PTR(-EINVAL);
+ if (top - op_stack > nr_parens) {
+ ret = -EINVAL;
+ goto out_free;
+ }
  *(++top) = invert;
  continue;
  case '!': /* #3 */
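
Review bot: The `goto out_free` added under `case '(':` depends on a `ret` variable and an `out_free` label that both sit outside this hunk's context, so for each of the D/E/F trees confirm that `out_free` releases everything predicate_parse() has allocated by this point and hands back `ERR_PTR(ret)`. The removed line was a direct `return ERR_PTR(-EINVAL);` inside the parse loop, so it is worth checking the rest of the function in each tree for any other direct return after the allocations, which would leak the same way. The commit message carries no `Fixes:` tag; if the introducing commit is known, naming it in the SRU justification would help confirm which series actually need the backport.
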
--
2.17.1



ACK: [D/E/F][SRU] Fix for CVE-2019-19072

Kamal Mostafa-2
In reply to this post by Connor Kuehl
LGTM.

Acked-by: Kamal Mostafa <[hidden email]>

 -Kamal

On Tue, Nov 26, 2019 at 09:36:37AM -0800, Connor Kuehl wrote:

> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-19072
>
> From the link above:
>
>     "A memory leak in the predicate_parse() function in
>     kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11
>     allows attackers to cause a denial of service (memory consumption), aka
>     CID-96c5c6e6a5b6."
>
> Clean cherry pick.
>
> It looks like Unstable already has this patch.


ACK: [D/E/F][SRU] Fix for CVE-2019-19072

Andrea Righi
In reply to this post by Connor Kuehl
On Tue, Nov 26, 2019 at 09:36:37AM -0800, Connor Kuehl wrote:

> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-19072
>
> From the link above:
>
>     "A memory leak in the predicate_parse() function in
>     kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11
>     allows attackers to cause a denial of service (memory consumption), aka
>     CID-96c5c6e6a5b6."
>
> Clean cherry pick.
>
> It looks like Unstable already has this patch.

Looks like a sane fix to me.

Acked-by: Andrea Righi <[hidden email]>


APPLIED(D,E): [D/E/F][SRU] Fix for CVE-2019-19072

Khaled Elmously
In reply to this post by Connor Kuehl
On 2019-11-26 09:36:37 , Connor Kuehl wrote:

> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2019-19072
>
> From the link above:
>
>     "A memory leak in the predicate_parse() function in
>     kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11
>     allows attackers to cause a denial of service (memory consumption), aka
>     CID-96c5c6e6a5b6."
>
> Clean cherry pick.
>
> It looks like Unstable already has this patch.