[UBUNTU,OEM-5.7,0/1] CVE-2022-2590

Message ID 20230404135514.2227926-1-cascardo@canonical.com
Series CVE-2022-2590

Message

Thadeu Lima de Souza Cascardo April 4, 2023, 1:55 p.m. UTC
[Impact]
Attackers can write to shmem files (on tmpfs, for example) without having write permissions.

[Fix]
The upstream fix is not appropriate to 5.17 and the suggestion was to revert the offending commit.

[Test case]
PoC was tested and stopped working with the revert applied.

Thadeu Lima de Souza Cascardo (1):
  UBUNTU: SAUCE: Revert "mm/shmem: unconditionally set pte dirty in
    mfill_atomic_install_pte"

 mm/shmem.c       | 1 +
 mm/userfaultfd.c | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

Comments

Tim Gardner April 4, 2023, 2:50 p.m. UTC | #1
On 4/4/23 7:55 AM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> Attackers can write to shmem files (on tmpfs, for example) without having write permissions.
> 
> [Fix]
> The upstream fix is not appropriate to 5.17 and the suggestion was to revert the offending commit.
> 
> [Test case]
> PoC was tested and stopped working with the revert applied.
> 
> Thadeu Lima de Souza Cascardo (1):
>    UBUNTU: SAUCE: Revert "mm/shmem: unconditionally set pte dirty in
>      mfill_atomic_install_pte"
> 
>   mm/shmem.c       | 1 +
>   mm/userfaultfd.c | 3 ++-
>   2 files changed, 3 insertions(+), 1 deletion(-)
> 
Acked-by: Tim Gardner <tim.gardner@canonical.com>

Is this really a SAUCE patch?

Thadeu Lima de Souza Cascardo April 4, 2023, 2:58 p.m. UTC | #2
On Tue, Apr 04, 2023 at 08:50:42AM -0600, Tim Gardner wrote:
> On 4/4/23 7:55 AM, Thadeu Lima de Souza Cascardo wrote:
> > [Impact]
> > Attackers can write to shmem files (on tmpfs, for example) without having write permissions.
> > 
> > [Fix]
> > The upstream fix is not appropriate to 5.17 and the suggestion was to revert the offending commit.
> > 
> > [Test case]
> > PoC was tested and stopped working with the revert applied.
> > 
> > Thadeu Lima de Souza Cascardo (1):
> >    UBUNTU: SAUCE: Revert "mm/shmem: unconditionally set pte dirty in
> >      mfill_atomic_install_pte"
> > 
> >   mm/shmem.c       | 1 +
> >   mm/userfaultfd.c | 3 ++-
> >   2 files changed, 3 insertions(+), 1 deletion(-)
> > 
> Acked-by: Tim Gardner <tim.gardner@canonical.com>
> 
> Is this really a SAUCE patch ?
> -- 
> -----------
> Tim Gardner
> Canonical, Inc
> 

It is because it has not been reverted upstream, but fixed properly. The proper
fix was just not easily backported to 5.17.

Cascardo.

Andrei Gherzan April 5, 2023, 12:14 p.m. UTC | #3
On 23/04/04 10:55AM, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> Attackers can write to shmem files (on tmpfs, for example) without having write permissions.
> 
> [Fix]
> The upstream fix is not appropriate to 5.17 and the suggestion was to revert the offending commit.
> 
> [Test case]
> PoC was tested and stopped working with the revert applied.
> 
> Thadeu Lima de Souza Cascardo (1):
>   UBUNTU: SAUCE: Revert "mm/shmem: unconditionally set pte dirty in
>     mfill_atomic_install_pte"
> 
>  mm/shmem.c       | 1 +
>  mm/userfaultfd.c | 3 ++-
>  2 files changed, 3 insertions(+), 1 deletion(-)
> 

Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>

Timo Aaltonen April 18, 2023, 12:36 p.m. UTC | #4
Thadeu Lima de Souza Cascardo wrote on 4.4.2023 at 16.55:
> [Impact]
> Attackers can write to shmem files (on tmpfs, for example) without having write permissions.
> 
> [Fix]
> The upstream fix is not appropriate to 5.17 and the suggestion was to revert the offending commit.
> 
> [Test case]
> PoC was tested and stopped working with the revert applied.
> 
> Thadeu Lima de Souza Cascardo (1):
>    UBUNTU: SAUCE: Revert "mm/shmem: unconditionally set pte dirty in
>      mfill_atomic_install_pte"
> 
>   mm/shmem.c       | 1 +
>   mm/userfaultfd.c | 3 ++-
>   2 files changed, 3 insertions(+), 1 deletion(-)
> 

applied to oem-5-17, thanks