fix handling of F_OFD_... in oabi_fcntl64() in kernel critical CVE-2015-8966

Tracked by Jolla (In release)

asked 2017-04-26 11:52:00 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-04-26 11:52:00 +0300

lpr gravatar image

Description

arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call.

CVSS v3 Base Score: 7.8 High

This patch should fix it.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/arch/arm/kernel/sys_oabi-compat.c lines 193-244

edit retag flag offensive close delete