Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add CVE-2019-15902 #304

Open
asarubbo opened this issue Sep 9, 2019 · 1 comment
Open

add CVE-2019-15902 #304

asarubbo opened this issue Sep 9, 2019 · 1 comment
Labels
information

Comments

@asarubbo
Copy link

asarubbo commented Sep 9, 2019

https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php
@speed47
Copy link
Owner

speed47 commented Sep 22, 2019

This CVE points out a bad backport of a fix on stable kernels, the diff fixing it is as follows:

diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
index 1ca929767a1b..0b6d27dfc234 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -698,11 +698,10 @@ static unsigned long ptrace_get_debugreg(struct task_struct *tsk, int n)
 {
        struct thread_struct *thread = &tsk->thread;
        unsigned long val = 0;
-       int index = n;

        if (n < HBP_NUM) {
+               int index = array_index_nospec(n, HBP_NUM);
                struct perf_event *bp = thread->ptrace_bps[index];
-               index = array_index_nospec(index, HBP_NUM);

                if (bp)
                        val = bp->hw.info.address;

It's going to be almost impossible to detect it on a running kernel, unfortunately.

Keeping this open just for information.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
information
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@speed47 @asarubbo