| 2017-04-17 21:20:54 |
Leann Ogasawara |
bug |
|
|
added bug |
| 2017-04-17 21:21:35 |
Leann Ogasawara |
nominated for series |
|
Ubuntu Yakkety |
|
| 2017-04-17 21:21:35 |
Leann Ogasawara |
bug task added |
|
linux-raspi2 (Ubuntu Yakkety) |
|
| 2017-04-17 21:21:35 |
Leann Ogasawara |
nominated for series |
|
Ubuntu Zesty |
|
| 2017-04-17 21:21:35 |
Leann Ogasawara |
bug task added |
|
linux-raspi2 (Ubuntu Zesty) |
|
| 2017-04-17 21:21:35 |
Leann Ogasawara |
nominated for series |
|
Ubuntu Xenial |
|
| 2017-04-17 21:21:35 |
Leann Ogasawara |
bug task added |
|
linux-raspi2 (Ubuntu Xenial) |
|
| 2017-04-18 17:20:16 |
Leann Ogasawara |
description |
Kees Cook is requesting the following be enabled for our Raspi2/3 enabled kernel:
config CPU_SW_DOMAIN_PAN
bool "Enable use of CPU domains to implement privileged no-access"
depends on MMU && !ARM_LPAE
default y
help
Increase kernel security by ensuring that normal kernel accesses
are unable to access userspace addresses. This can help prevent
use-after-free bugs becoming an exploitable privilege escalation
by ensuring that magic values (such as LIST_POISON) will always
fault when dereferenced.
CPUs with low-vector mappings use a best-efforts implementation.
Their lower 1MB needs to remain accessible for the vectors, but
the remainder of userspace will become appropriately inaccessible. |
Kees Cook is requesting the following be enabled for our Raspi2/3 enabled kernel:
config CPU_SW_DOMAIN_PAN
bool "Enable use of CPU domains to implement privileged no-access"
depends on MMU && !ARM_LPAE
default y
help
Increase kernel security by ensuring that normal kernel accesses
are unable to access userspace addresses. This can help prevent
use-after-free bugs becoming an exploitable privilege escalation
by ensuring that magic values (such as LIST_POISON) will always
fault when dereferenced.
CPUs with low-vector mappings use a best-efforts implementation.
Their lower 1MB needs to remain accessible for the vectors, but
the remainder of userspace will become appropriately inaccessible.
Similarly, Kees noted that all the configs from ubuntu's 4.8 new defaults seem to be missing for raspi2/3. e.g.:
CONFIG_HARDENED_USERCOPY=y
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_DEBUG_LIST=y
CONFIG_DEBUG_CREDENTIALS=y
I suspect what actually needs to happen is a full config review comparison for our linux-raspi2 kernel. |
|
| 2017-04-18 17:23:36 |
Leann Ogasawara |
description |
Kees Cook is requesting the following be enabled for our Raspi2/3 enabled kernel:
config CPU_SW_DOMAIN_PAN
bool "Enable use of CPU domains to implement privileged no-access"
depends on MMU && !ARM_LPAE
default y
help
Increase kernel security by ensuring that normal kernel accesses
are unable to access userspace addresses. This can help prevent
use-after-free bugs becoming an exploitable privilege escalation
by ensuring that magic values (such as LIST_POISON) will always
fault when dereferenced.
CPUs with low-vector mappings use a best-efforts implementation.
Their lower 1MB needs to remain accessible for the vectors, but
the remainder of userspace will become appropriately inaccessible.
Similarly, Kees noted that all the configs from ubuntu's 4.8 new defaults seem to be missing for raspi2/3. e.g.:
CONFIG_HARDENED_USERCOPY=y
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_DEBUG_LIST=y
CONFIG_DEBUG_CREDENTIALS=y
I suspect what actually needs to happen is a full config review comparison for our linux-raspi2 kernel. |
Kees Cook is requesting the following be enabled for our Raspi2/3 enabled kernel:
config CPU_SW_DOMAIN_PAN
bool "Enable use of CPU domains to implement privileged no-access"
depends on MMU && !ARM_LPAE
default y
help
Increase kernel security by ensuring that normal kernel accesses
are unable to access userspace addresses. This can help prevent
use-after-free bugs becoming an exploitable privilege escalation
by ensuring that magic values (such as LIST_POISON) will always
fault when dereferenced.
CPUs with low-vector mappings use a best-efforts implementation.
Their lower 1MB needs to remain accessible for the vectors, but
the remainder of userspace will become appropriately inaccessible.
Similarly, Kees noted that all the configs from ubuntu's 4.8 new defaults seem to be missing for raspi2/3. e.g.:
CONFIG_HARDENED_USERCOPY=y
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_DEBUG_LIST=y
CONFIG_DEBUG_CREDENTIALS=y
Kees also noted that it may ust be armhf/arm64 issue with the config.common.ubuntu being out of sync because fixing that solved his missing configs.
I suspect what actually needs to happen is a full config review comparison for our linux-raspi2 kernel. |
|
| 2017-05-17 16:20:24 |
Kleber Sacilotto de Souza |
linux-raspi2 (Ubuntu Xenial): status |
New |
Fix Committed |
|
| 2017-06-06 13:18:14 |
Kleber Sacilotto de Souza |
tags |
|
verification-done-xenial |
|
| 2017-06-06 15:06:27 |
Launchpad Janitor |
linux-raspi2 (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
| 2017-06-06 15:06:27 |
Launchpad Janitor |
cve linked |
|
2017-0605 |
|
| 2017-06-30 09:55:43 |
Juerg Haefliger |
linux-raspi2 (Ubuntu Yakkety): status |
New |
Fix Committed |
|
| 2017-06-30 09:55:48 |
Juerg Haefliger |
linux-raspi2 (Ubuntu Zesty): status |
New |
Fix Committed |
|
