[Kernel-packages] [Bug 1909486] Re: tiocspgrp()" Privilege Escalation Vulnerability

[Steve Beattie]

** Information type changed from Private Security to Public Security

** Changed in: linux (Ubuntu)
       Status: New => Confirmed

** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1909486

Title:
  tiocspgrp()" Privilege Escalation Vulnerability

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  A race condition error related to the "tiocspgrp()" function
  (drivers/tty/tty_jobctrl.c) can be exploited to trigger a use-after-
  free and subsequently gain elevated privileges.

  The vulnerability is reported in versions 5.9.x prior to 5.9.14, 5.4.x
  prior to 5.4.83, 4.19.x prior to 4.19.163, 4.14.x prior to 4.14.212,
  4.9.x prior to 4.9.248, and 4.4.x prior to 4.4.248.

  Affected Software

  The following software is affected by the described vulnerability.
  Please check the vendor links below to see if exactly your version is
  affected.

  Linux Kernel 4.14.x
  Linux Kernel 4.19.x
  Linux Kernel 4.4.x
  Linux Kernel 4.9.x
  Linux Kernel 5.4.x
  Linux Kernel 5.9.x

  Solution

  Update to a fixed version.

  Versions 5.9.x:
  Update to version 5.9.14 or later.

  Versions 5.4.x:
  Update to version 5.4.83 or later.

  Versions 4.19.x:
  Update to version 4.19.163.

  Versions 4.14.x:
  Update to version 4.14.212.

  Versions 4.9.x:
  Update to version 4.9.248.

  Versions 4.4.x:
  Update to version 4.4.248.

  References

  1. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.14 
<https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.14>
  2. https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.83 
<https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.83>
  3. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.163 
<https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.163>
  4. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.212 
<https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.212>
  5. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.248 
<https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.248>
  6. https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.248 
<https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.248>
  7. https://bugs.chromium.org/p/project-zero/issues/detail?id=2125 
<https://bugs.chromium.org/p/project-zero/issues/detail?id=2125>
  8. 
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc
 
<https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=54ffccbf053b5b6ca4f6e45094b942fab92a25fc>

  
  Detected in Ubuntu 16, which uses 4.4.x kernel.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1909486/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp