CrOS: CVE-2017-0630 - Vulnerability reported in Linux kernel - trace subsystem
Issue description

VOMIT (go/vomit) has received an external vulnerability report for the Linux kernel.

Advisory: CVE-2017-0630
Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2017-0630
CVSS severity score: 2.6/10.0

Description: An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.

This bug was filed by http://go/vomit
Please contact us at vomit-team@google.com if you need any assistance.
,
May 22 2017
Mass-assigning Android May security bulletin issues to groeck@ to triage.
,
May 22 2017
Information leak through debug messages. chromeos-3.18 and older affected. Fixed by upstream commit 3debb0a9ddb1 ("tracing: Fix trace_printk() to print when not using bprintk()").
,
May 22 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/6c213132137e4a61fee60719ab5effa01939f672

commit 6c213132137e4a61fee60719ab5effa01939f672
Author: Steven Rostedt (Red Hat) <rostedt@goodmis.org>
Date: Mon May 22 23:30:22 2017

UPSTREAM: tracing: Fix trace_printk() to print when not using bprintk()

The trace_printk() code will allocate extra buffers if the compile detects that a trace_printk() is used. To do this, the format of the trace_printk() is saved to the __trace_printk_fmt section, and if that section is bigger than zero, the buffers are allocated (along with a message that this has happened).

If trace_printk() uses a format that is not a constant, and thus something not guaranteed to be around when the print happens, the compiler optimizes the fmt out, as it is not used, and the __trace_printk_fmt section is not filled. This means the kernel will not allocate the special buffers needed for the trace_printk() and the trace_printk() will not write anything to the tracing buffer.

Adding a "__used" to the variable in the __trace_printk_fmt section will keep it around, even though it is set to NULL. This will keep the string from being printed in the debugfs/tracing/printk_formats section as it is not needed.

BUG= chromium:724788
TEST=Build and run

Change-Id: Ib3174b493a43e4497c3402d5b84a80ce4c991bbf
Reported-by: Vlastimil Babka <vbabka@suse.cz>
Fixes: 07d777fe8c398 "tracing: Add percpu buffers for trace_printk()"
Cc: stable@vger.kernel.org # v3.5+
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit 3debb0a9ddb1)
Reviewed-on: https://chromium-review.googlesource.com/510822

[modify] https://crrev.com/6c213132137e4a61fee60719ab5effa01939f672/kernel/trace/trace_printk.c
[modify] https://crrev.com/6c213132137e4a61fee60719ab5effa01939f672/include/linux/kernel.h
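The mechanism described in the commit message above, as an added user-space model (not part of the issue thread or of the kernel patch): each call site places one pointer in a named section, and the section's size is what decides whether buffers are needed. The names `demo_fmt`, `demo_trace`, `fmt_slots` and `fmt_listed` are hypothetical, and the code assumes GCC or Clang with an ELF linker.

```c
#include <stddef.h>
#include <stdio.h>

/* ELF linkers (GNU ld, lld) define __start_<sec>/__stop_<sec> for a section
 * whose name is a valid C identifier. "demo_fmt" is a made-up name. */
extern const char *__start_demo_fmt[];
extern const char *__stop_demo_fmt[];

static unsigned demo_calls; /* stands in for writes to the trace buffer */

/* Hypothetical stand-in for trace_printk(): each call site owns one slot in
 * the section. A literal format is stored; a run-time format stores NULL.
 * "used" keeps the slot even though nothing reads it; without it an
 * optimizing compiler may drop the NULL slot and leave the section empty. */
#define demo_trace(fmt)                                          \
    do {                                                         \
        static const char *slot                                  \
            __attribute__((used, section("demo_fmt"))) =         \
            __builtin_constant_p(fmt) ? (fmt) : NULL;            \
        (void)slot;                                              \
        demo_calls++;                                            \
    } while (0)

void log_constant(void) { demo_trace("constant format %d\n"); }
void log_dynamic(const char *s) { demo_trace(s); }

/* Models the "is the section bigger than zero" test that gates allocation. */
size_t fmt_slots(void)
{
    return (size_t)(__stop_demo_fmt - __start_demo_fmt);
}

/* Models the printk_formats listing: NULL slots are skipped. */
size_t fmt_listed(void)
{
    size_t n = 0;
    for (const char **p = __start_demo_fmt; p < __stop_demo_fmt; p++)
        if (*p != NULL)
            n++;
    return n;
}

int main(void)
{
    log_constant();
    log_dynamic("built at run time\n");
    printf("slots=%zu listed=%zu calls=%u\n",
           fmt_slots(), fmt_listed(), demo_calls);
    return 0;
}
```

The run-time-format call site still contributes a slot, so the section is non-empty, while only the literal format would appear in a listing.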
,
May 22 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/de69bbee2e72f025d344f4af63a6cffee8e79014

commit de69bbee2e72f025d344f4af63a6cffee8e79014
Author: Steven Rostedt (Red Hat) <rostedt@goodmis.org>
Date: Mon May 22 23:30:20 2017

UPSTREAM: tracing: Fix trace_printk() to print when not using bprintk()

The trace_printk() code will allocate extra buffers if the compile detects that a trace_printk() is used. To do this, the format of the trace_printk() is saved to the __trace_printk_fmt section, and if that section is bigger than zero, the buffers are allocated (along with a message that this has happened).

If trace_printk() uses a format that is not a constant, and thus something not guaranteed to be around when the print happens, the compiler optimizes the fmt out, as it is not used, and the __trace_printk_fmt section is not filled. This means the kernel will not allocate the special buffers needed for the trace_printk() and the trace_printk() will not write anything to the tracing buffer.

Adding a "__used" to the variable in the __trace_printk_fmt section will keep it around, even though it is set to NULL. This will keep the string from being printed in the debugfs/tracing/printk_formats section as it is not needed.

BUG= chromium:724788
TEST=Build and run

Change-Id: Ib3174b493a43e4497c3402d5b84a80ce4c991bbf
Reported-by: Vlastimil Babka <vbabka@suse.cz>
Fixes: 07d777fe8c398 "tracing: Add percpu buffers for trace_printk()"
Cc: stable@vger.kernel.org # v3.5+
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit 3debb0a9ddb1)
Reviewed-on: https://chromium-review.googlesource.com/510808
Reviewed-by: Dylan Reid <dgreid@chromium.org>

[modify] https://crrev.com/de69bbee2e72f025d344f4af63a6cffee8e79014/kernel/trace/trace_printk.c
[modify] https://crrev.com/de69bbee2e72f025d344f4af63a6cffee8e79014/include/linux/kernel.h
,
May 23 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/6070d6aac230c6b07f0817e3ccd699cdaef08793

commit 6070d6aac230c6b07f0817e3ccd699cdaef08793
Author: Steven Rostedt (Red Hat) <rostedt@goodmis.org>
Date: Tue May 23 07:15:03 2017

UPSTREAM: tracing: Fix trace_printk() to print when not using bprintk()

The trace_printk() code will allocate extra buffers if the compile detects that a trace_printk() is used. To do this, the format of the trace_printk() is saved to the __trace_printk_fmt section, and if that section is bigger than zero, the buffers are allocated (along with a message that this has happened).

If trace_printk() uses a format that is not a constant, and thus something not guaranteed to be around when the print happens, the compiler optimizes the fmt out, as it is not used, and the __trace_printk_fmt section is not filled. This means the kernel will not allocate the special buffers needed for the trace_printk() and the trace_printk() will not write anything to the tracing buffer.

Adding a "__used" to the variable in the __trace_printk_fmt section will keep it around, even though it is set to NULL. This will keep the string from being printed in the debugfs/tracing/printk_formats section as it is not needed.

BUG= chromium:724788
TEST=Build and run

Change-Id: Ib3174b493a43e4497c3402d5b84a80ce4c991bbf
Reported-by: Vlastimil Babka <vbabka@suse.cz>
Fixes: 07d777fe8c398 "tracing: Add percpu buffers for trace_printk()"
Cc: stable@vger.kernel.org # v3.5+
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit 3debb0a9ddb1)
Reviewed-on: https://chromium-review.googlesource.com/510807

[modify] https://crrev.com/6070d6aac230c6b07f0817e3ccd699cdaef08793/kernel/trace/trace_printk.c
[modify] https://crrev.com/6070d6aac230c6b07f0817e3ccd699cdaef08793/include/linux/kernel.h
,
May 23 2017
Please mark security bugs as fixed as soon as the fix lands, and before requesting merges. This update is based on the merge- labels applied to this issue. Please reopen if this update was incorrect. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 23 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/2bc5c637a6b7c0d69e440b47ab256deb27ba54d9

commit 2bc5c637a6b7c0d69e440b47ab256deb27ba54d9
Author: Steven Rostedt (Red Hat) <rostedt@goodmis.org>
Date: Tue May 23 21:04:18 2017

UPSTREAM: tracing: Fix trace_printk() to print when not using bprintk()

The trace_printk() code will allocate extra buffers if the compile detects that a trace_printk() is used. To do this, the format of the trace_printk() is saved to the __trace_printk_fmt section, and if that section is bigger than zero, the buffers are allocated (along with a message that this has happened).

If trace_printk() uses a format that is not a constant, and thus something not guaranteed to be around when the print happens, the compiler optimizes the fmt out, as it is not used, and the __trace_printk_fmt section is not filled. This means the kernel will not allocate the special buffers needed for the trace_printk() and the trace_printk() will not write anything to the tracing buffer.

Adding a "__used" to the variable in the __trace_printk_fmt section will keep it around, even though it is set to NULL. This will keep the string from being printed in the debugfs/tracing/printk_formats section as it is not needed.

BUG= chromium:724788
TEST=Build and run

Change-Id: Ib3174b493a43e4497c3402d5b84a80ce4c991bbf
Reported-by: Vlastimil Babka <vbabka@suse.cz>
Fixes: 07d777fe8c398 "tracing: Add percpu buffers for trace_printk()"
Cc: stable@vger.kernel.org # v3.5+
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit 3debb0a9ddb1)
Reviewed-on: https://chromium-review.googlesource.com/510822
(cherry picked from commit 6c213132137e4a61fee60719ab5effa01939f672)
Reviewed-on: https://chromium-review.googlesource.com/513106

[modify] https://crrev.com/2bc5c637a6b7c0d69e440b47ab256deb27ba54d9/kernel/trace/trace_printk.c
[modify] https://crrev.com/2bc5c637a6b7c0d69e440b47ab256deb27ba54d9/include/linux/kernel.h
,
May 23 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/38fee63def88d84155a218e9d1a8132e1be555cd

commit 38fee63def88d84155a218e9d1a8132e1be555cd
Author: Steven Rostedt (Red Hat) <rostedt@goodmis.org>
Date: Tue May 23 21:09:55 2017

UPSTREAM: tracing: Fix trace_printk() to print when not using bprintk()

The trace_printk() code will allocate extra buffers if the compile detects that a trace_printk() is used. To do this, the format of the trace_printk() is saved to the __trace_printk_fmt section, and if that section is bigger than zero, the buffers are allocated (along with a message that this has happened).

If trace_printk() uses a format that is not a constant, and thus something not guaranteed to be around when the print happens, the compiler optimizes the fmt out, as it is not used, and the __trace_printk_fmt section is not filled. This means the kernel will not allocate the special buffers needed for the trace_printk() and the trace_printk() will not write anything to the tracing buffer.

Adding a "__used" to the variable in the __trace_printk_fmt section will keep it around, even though it is set to NULL. This will keep the string from being printed in the debugfs/tracing/printk_formats section as it is not needed.

BUG= chromium:724788
TEST=Build and run

Change-Id: Ib3174b493a43e4497c3402d5b84a80ce4c991bbf
Reported-by: Vlastimil Babka <vbabka@suse.cz>
Fixes: 07d777fe8c398 "tracing: Add percpu buffers for trace_printk()"
Cc: stable@vger.kernel.org # v3.5+
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit 3debb0a9ddb1)
Reviewed-on: https://chromium-review.googlesource.com/510808
Reviewed-by: Dylan Reid <dgreid@chromium.org>
(cherry picked from commit de69bbee2e72f025d344f4af63a6cffee8e79014)
Reviewed-on: https://chromium-review.googlesource.com/513108

[modify] https://crrev.com/38fee63def88d84155a218e9d1a8132e1be555cd/kernel/trace/trace_printk.c
[modify] https://crrev.com/38fee63def88d84155a218e9d1a8132e1be555cd/include/linux/kernel.h
,
May 23 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/e89534bbda3a34611da94cff62ca77c0215166db

commit e89534bbda3a34611da94cff62ca77c0215166db
Author: Steven Rostedt (Red Hat) <rostedt@goodmis.org>
Date: Tue May 23 21:10:01 2017

UPSTREAM: tracing: Fix trace_printk() to print when not using bprintk()

The trace_printk() code will allocate extra buffers if the compile detects that a trace_printk() is used. To do this, the format of the trace_printk() is saved to the __trace_printk_fmt section, and if that section is bigger than zero, the buffers are allocated (along with a message that this has happened).

If trace_printk() uses a format that is not a constant, and thus something not guaranteed to be around when the print happens, the compiler optimizes the fmt out, as it is not used, and the __trace_printk_fmt section is not filled. This means the kernel will not allocate the special buffers needed for the trace_printk() and the trace_printk() will not write anything to the tracing buffer.

Adding a "__used" to the variable in the __trace_printk_fmt section will keep it around, even though it is set to NULL. This will keep the string from being printed in the debugfs/tracing/printk_formats section as it is not needed.

BUG= chromium:724788
TEST=Build and run

Change-Id: Ib3174b493a43e4497c3402d5b84a80ce4c991bbf
Reported-by: Vlastimil Babka <vbabka@suse.cz>
Fixes: 07d777fe8c398 "tracing: Add percpu buffers for trace_printk()"
Cc: stable@vger.kernel.org # v3.5+
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
(cherry picked from commit 3debb0a9ddb1)
Reviewed-on: https://chromium-review.googlesource.com/510807
(cherry picked from commit 6070d6aac230c6b07f0817e3ccd699cdaef08793)
Reviewed-on: https://chromium-review.googlesource.com/513107

[modify] https://crrev.com/e89534bbda3a34611da94cff62ca77c0215166db/kernel/trace/trace_printk.c
[modify] https://crrev.com/e89534bbda3a34611da94cff62ca77c0215166db/include/linux/kernel.h
,
Aug 30 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by wfh@chromium.org
, May 22 2017