I've verified the kernel in xenial-proposed:

tyhicks@sec-xenial-amd64:~$ cat /proc/version_signature
Ubuntu 4.4.0-167.196-generic 4.4.197
tyhicks@sec-xenial-amd64:~$ cat test.c
#include <stdio.h>
#include <time.h>

int main(void)
{
	int rc = clock_gettime(10, 0);

	if (rc < 0)
		perror("clock_gettime");

	return rc;
}
tyhicks@sec-xenial-amd64:~$ gcc -o test test.c
tyhicks@sec-xenial-amd64:~$ ./test
clock_gettime: Invalid argument

There's no NULL pointer deref or any other sort of error induced by the
test case in the kernel log.

** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial

--
https://bugs.launchpad.net/bugs/1847189

Title:
  Bad posix clock speculation mitigation backport

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Xenial:
  Fix Committed

Bug description:
  [Impact]

  Vitaly Nikolenko pointed out that syscall(__NR_clock_gettime, 10, 0)
  can be used to perform a denial of service (system crash) or possibly
  execute arbitrary code in the Ubuntu Xenial kernel:

    https://twitter.com/vnik5287/status/1180666151216435200

  [Test Case]

  Execute the following test program and verify that it prints out
  "clock_gettime: Invalid argument" rather than triggering a NULL
  pointer dereference and stack trace in the kernel logs.

  ==========
  #include <stdio.h>
  #include <time.h>

  int main(void)
  {
  	int rc = clock_gettime(10, 0);

  	if (rc < 0)
  		perror("clock_gettime");

  	return rc;
  }
  ==========

  [Regression Potential]

  Low. The fix is easy to review and fixes a denial of service issue
  that's trivial to trigger.