averello/linux-stable-mirror
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-04-14 09:57:39 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
09cb6663618a74fe5572a4931ecbf098832e79ec
linux-stable-mirror/kernel
History
Alexey Dobriyan 09cb666361 module: fix [e_shstrndx].sh_size=0 OOB access 
[ Upstream commit 391e982bfa ]

It is trivial to craft a module to trigger OOB access in this line:

	if (info->secstrings[strhdr->sh_size - 1] != '\0') {

BUG: unable to handle page fault for address: ffffc90000aa0fff
PGD 100000067 P4D 100000067 PUD 100066067 PMD 10436f067 PTE 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 7 PID: 1215 Comm: insmod Not tainted 5.18.0-rc5-00007-g9bf578647087-dirty #10
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014
RIP: 0010:load_module+0x19b/0x2391

Fixes: ec2a29593c ("module: harden ELF info handling")
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
[rebased patch onto modules-next]
Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-07-12 16:35:09 +02:00
..
bpf
bpf: Stop caching subprog index in the bpf_pseudo_func insn
2022-07-12 16:34:54 +02:00
cgroup
cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
2022-05-18 10:26:56 +02:00
configs
debug
lockdown: also lock down previous kgdb use
2022-05-25 09:57:37 +02:00
dma
dma-direct: use the correct size for dma_set_encrypted()
2022-06-29 09:03:31 +02:00
entry
signal: Replace force_fatal_sig with force_exit_sig when in doubt
2021-11-25 09:49:07 +01:00
events
signal: Deliver SIGTRAP on perf event asynchronously if blocked
2022-06-09 10:22:48 +02:00
gcov
irq
random: remove unused irq_flags argument from add_interrupt_randomness()
2022-05-30 09:29:00 +02:00
kcsan
livepatch
livepatch: Fix build failure on 32 bits processors
2022-04-08 14:23:29 +02:00
locking
locking/lockdep: Iterate lock_classes directly when reading lockdep files
2022-04-08 14:23:57 +02:00
power
PM: suspend: fix return value of __setup handler
2022-04-08 14:23:07 +02:00
printk
printk: wake waiters for safe and NMI contexts
2022-06-09 10:22:49 +02:00
rcu
rcu: Make TASKS_RUDE_RCU select IRQ_WORK
2022-06-09 10:22:32 +02:00
sched
sched: Fix balance_push() vs __sched_setscheduler()
2022-06-22 14:22:02 +02:00
time
tick/nohz: unexport __init-annotated tick_nohz_full_setup()
2022-07-02 16:41:12 +02:00
trace
tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher()
2022-06-29 09:03:20 +02:00
.gitignore
acct.c
async.c
Revert "module, async: async_synchronize_full() on module init iff async is used"
2022-02-23 12:03:07 +01:00
audit_fsnotify.c
audit_tree.c
audit_watch.c
audit.c
audit: improve audit queue handling when "audit=1" on cmdline
2022-02-08 18:34:03 +01:00
audit.h
audit: log AUDIT_TIME_* records only from rules
2022-04-08 14:23:06 +02:00
auditfilter.c
auditsc.c
audit: log AUDIT_TIME_* records only from rules
2022-04-08 14:23:06 +02:00
backtracetest.c
bounds.c
capability.c
cfi.c
cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle
2022-06-22 14:22:04 +02:00
compat.c
configs.c
context_tracking.c
cpu_pm.c
cpu.c
random: clear fast pool, crng, and batches in cpuhp bring up
2022-05-30 09:29:09 +02:00
crash_core.c
kernel/crash_core: suppress unknown crashkernel parameter warning
2021-12-29 12:28:49 +01:00
crash_dump.c
cred.c
ucounts: Base set_cred_ucounts changes on the real user
2022-02-23 12:03:20 +01:00
delayacct.c
dma.c
exec_domain.c
exit.c
extable.c
fail_function.c
fork.c
sched: Fix yet more sched_fork() races
2022-03-08 19:12:49 +01:00
freezer.c
futex.c
gen_kheaders.sh
groups.c
hung_task.c
iomem.c
irq_work.c
jump_label.c
kallsyms.c
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kcov.c
kexec_core.c
kexec_elf.c
kexec_file.c
kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
2022-06-09 10:23:27 +02:00
kexec_internal.h
kexec.c
kheaders.c
kmod.c
kprobes.c
kprobes: Limit max data_size of the kretprobe instances
2021-12-08 09:04:41 +01:00
ksysfs.c
kthread.c
latencytop.c
Makefile
static_call: Don't make __static_call_return0 static
2022-04-13 20:59:28 +02:00
module_signature.c
module_signing.c
module-internal.h
module.c
module: fix [e_shstrndx].sh_size=0 OOB access
2022-07-12 16:35:09 +02:00
notifier.c
nsproxy.c
padata.c
panic.c
params.c
pid_namespace.c
pid.c
profile.c
ptrace.c
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
2022-06-09 10:22:29 +02:00
range.c
reboot.c
regset.c
relay.c
resource_kunit.c
resource.c
kernel/resource: fix kfree() of bootmem memory again
2022-04-08 14:23:43 +02:00
rseq.c
rseq: Remove broken uapi field layout on 32-bit little endian
2022-04-08 14:23:10 +02:00
scftorture.c
scftorture: Fix distribution of short handler delays
2022-06-09 10:22:46 +02:00
scs.c
scs: Release kasan vmalloc poison in scs_free process
2021-11-18 19:16:29 +01:00
seccomp.c
seccomp: Invalidate seccomp mode to catch death failures
2022-02-16 12:56:38 +01:00
signal.c
signal: Deliver SIGTRAP on perf event asynchronously if blocked
2022-06-09 10:22:48 +02:00
smp.c
smp: Fix offline cpu check in flush_smp_call_function_queue()
2022-04-20 09:34:21 +02:00
smpboot.c
smpboot.h
softirq.c
stackleak.c
gcc-plugins/stackleak: Use noinstr in favor of notrace
2022-02-23 12:03:07 +01:00
stacktrace.c
stacktrace: move filter_irq_stacks() to kernel/stacktrace.c
2022-04-13 20:59:28 +02:00
static_call_inline.c
static_call: Don't make __static_call_return0 static
2022-04-13 20:59:28 +02:00
static_call.c
static_call: Don't make __static_call_return0 static
2022-04-13 20:59:28 +02:00
stop_machine.c
sys_ni.c
sys.c
ucounts: Move RLIMIT_NPROC handling after set_user
2022-02-23 12:03:20 +01:00
sysctl-test.c
sysctl.c
x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
2022-03-11 12:22:31 +01:00
task_work.c
taskstats.c
test_kprobes.c
torture.c
tracepoint.c
tsacct.c
taskstats: Cleanup the use of task->exit_code
2022-01-27 11:05:35 +01:00
ucount.c
ucounts: Handle wrapping in is_ucounts_overlimit
2022-02-23 12:03:20 +01:00
uid16.c
uid16.h
umh.c
up.c
user_namespace.c
ucounts: Fix systemd LimitNPROC with private users regression
2022-03-08 19:12:42 +01:00
user-return-notifier.c
user.c
usermode_driver.c
utsname_sysctl.c
utsname.c
watch_queue.c
watch_queue: Free the page array when watch_queue is dismantled
2022-04-08 14:24:11 +02:00
watchdog_hld.c
watchdog.c
workqueue_internal.h
workqueue.c
workqueue: Fix unbind_workers() VS wq_worker_running() race
2022-01-16 09:12:41 +01:00