[LTP] [PATCH v2] Add a regression test for cve-2017-15649

Petr Vorel pvorel@suse.cz
Wed Jan 29 17:10:01 CET 2020


Hi Michie,

> net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local
> users to gain privileges via crafted system calls that trigger
> mishandling of packet_fanout data structures, because of a race
> condition (involving fanout_add and packet_do_bind) that leads to a
> use-after-free.
> 
> See https://ssd-disclosure.com/archives/3484 for more detail.

Reviewed-by: Petr Vorel <pvorel@suse.cz>
Thanks for your work!

Fuzzy sync library changes now LGTM, but I'd like Richie or somebody else to double
check.

What a shame it requires KASAN for reproducing.

> +++ b/testcases/cve/Makefile
> @@ -46,5 +46,6 @@ cve-2017-17052:	CFLAGS += -pthread
>  cve-2017-17053:	CFLAGS += -pthread
>  
>  cve-2015-3290:	CFLAGS += -pthread
> +cve-2017-15649: CFLAGS += -pthread
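Review bot: the new `cve-2017-15649: CFLAGS += -pthread` line needs a companion `cve-2017-15649: LDLIBS += -lrt`, because tst_fuzzy_sync.h calls clock_gettime, which older glibc ships in librt rather than libc; without it the link fails with the undefined reference to `clock_gettime' reported below. Minor style point in the same line: the neighbouring entries separate target and assignment with a tab, this one uses a space.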

testcases/cve/../../include/tst_fuzzy_sync.h:342: undefined reference to `clock_gettime'

You also need to link with -lrt, otherwise it fails to build on very old distros:
cve-2017-15649: LDLIBS += -lrt

Kind regards,
Petr
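The -lrt point above is a build-portability check rather than something a test author can see on a modern box. As an added example, not part of the patch or of LTP's own build system, here is a configure-style probe that compiles a tiny program calling clock_gettime() and reports whether the link needs -lrt (old glibc, before 2.17, kept it in librt) or nothing at all. It assumes a C compiler reachable as $CC (default cc); the function name probe_clock_gettime_libs is made up for this illustration.

```shell
#!/bin/sh
# Added example (not LTP's own build logic): probe whether clock_gettime()
# links without extra libraries or needs -lrt, the way a configure check would.
# Assumes a C compiler is reachable as $CC (default: cc).

probe_clock_gettime_libs() {
    cc_bin="${CC:-cc}"
    if ! command -v "$cc_bin" >/dev/null 2>&1; then
        echo "unknown"   # no compiler available: caller must decide
        return 0
    fi
    tmp=$(mktemp -d) || { echo "unknown"; return 0; }
    # Constructed probe source: the minimal program that pulls in clock_gettime.
    cat > "$tmp/probe.c" <<'EOF'
#include <time.h>
int main(void)
{
	struct timespec ts;
	return clock_gettime(CLOCK_MONOTONIC, &ts);
}
EOF
    result="unknown"
    if "$cc_bin" "$tmp/probe.c" -o "$tmp/probe" >/dev/null 2>&1; then
        result=""          # modern glibc: clock_gettime lives in libc
    elif "$cc_bin" "$tmp/probe.c" -o "$tmp/probe" -lrt >/dev/null 2>&1; then
        result="-lrt"      # old glibc (before 2.17): lives in librt
    fi
    rm -rf "$tmp"
    echo "$result"
}

# Usage: extra=$(probe_clock_gettime_libs); then append $extra to the link line.
```

Printing an empty string for the common case keeps the result safe to splice straight into LDLIBS; "unknown" is returned only when no compiler was found or neither link attempt succeeded, so a caller can fail loudly instead of silently dropping the flag.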
