|
Message-ID: <69b19982-5ed2-77be-40c7-8a236d1ac4bf@grsecurity.net> Date: Thu, 3 Feb 2022 11:18:11 +0100 From: Mathias Krause <minipli@...ecurity.net> To: oss-security@...ts.openwall.com Subject: Re: CVE-2022-22942: Linux kernel: wrong file descriptor handling in the vmwgfx driver Good Morning! Am 27.01.22 um 23:20 schrieb Mathias Krause: > Am 27.01.22 um 21:00 schrieb Mathias Krause: >> Exploiting this vulnerability requires an attacker to have access to >> either /dev/dri/card0 or /dev/dri/rendererD128 and be able to issue an >> ioctl() on the resulting file descriptor. > > Forgot to mention, as per linux-distros' list policy, an exploit for the > vulnerability will be provided in 7 days, as one has been shared with > the linux-distros before. > > Meanwhile the patch was merged into Linux mainline: > https://git.kernel.org/linus/a0f90c881570 It's now also part of the following kernels: v4.14.264: commit e8d092a62449 v4.19.227: commit 0008a0c78fc3 v5.4.175: commit 84b1259fe36a v5.10.95: commit 77656fde3c01 v5.15.18: commit 6066977961fc v5.16.4: commit 1d833b27fb70 Attached is the exploit, as demanded by the linux-distros mailing list policy. We did not intend to be providing this exploit, especially not within 7 days of disclosure, however when reporting this issue privately to linux-distros and asked to provide the exploit I developed, I did not realize that the mailing list rules (https://oss-security.openwall.org/wiki/mailing-lists/distros) require the public posting of the exploit no later than I am providing it now. While the requirement does serve the useful purpose of ensuring the private list doesn't become a stockpile of private exploits, we encourage others to please read the rules of the list fully before submitting and consider sharing exploits with individual members rather than to the list as a whole so as to avoid being forced to publish an exploit that in some instances may do more harm than good. Thanks, Mathias View attachment "vmwgfx.c" of type "text/x-csrc" (6706 bytes) Download attachment "OpenPGP_signature" of type "application/pgp-signature" (666 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.