stable.vger.kernel.org archive mirror
* Review request for LIN1019-4731/LIN1018-6238 Security Advisory - linux - CVE-2020-10751
@ 2020-06-03  7:57 Ovidiu Panait
  2020-06-03  8:18 ` Greg Kroah-Hartman
  0 siblings, 1 reply; 2+ messages in thread
From: Ovidiu Panait @ 2020-06-03  7:57 UTC (permalink / raw)
  To: xiao.zhang, yue.tao
  Cc: lpd-eng-rr, stable, Paul Moore, Greg Kroah-Hartman, Ovidiu Panait

Summary: Security Advisory - linux - CVE-2020-10751
Tech Review: Xiao
Gatekeeper: Yue Tao
Lockdown Approval (if needed):
Branch Tag: LTS19, LTS18

IP Statement (form link or license statement, usually automated):
Crypto URL(s) (if needed): see http://wiki.wrs.com/PBUeng/LinuxProductDivisionExportProcess
Parent Template (where applicable):


-------------------------------------
Impacted area             Impact y/n
-------------------       -----------
docs/tech-pubs                 n
tests                          n
build system                   n
host dependencies              n
RPM/packaging                  n
toolchain                      n
kernel code                    y
user code                      n
configuration files            n
target configuration           n
Other                          n
Applicable to Yocto/upstream   n
New Kernel Warnings            n


Comments (indicate scope for each "y" above):
---------------------------------------------
From 11d31c9c777c235630d9a72bf316f48c5036e609 Mon Sep 17 00:00:00 2001
From: Paul Moore <paul@paul-moore.com>
Date: Tue, 28 Apr 2020 09:59:02 -0400
Subject: [PATCH] selinux: properly handle multiple messages in
 selinux_netlink_send()

commit fb73974172ffaaf57a7c42f35424d9aece1a5af6 upstream.

Fix the SELinux netlink_send hook to properly handle multiple netlink
messages in a single sk_buff; each message is parsed and subject to
SELinux access control.  Prior to this patch, SELinux only inspected
the first message in the sk_buff.

Cc: stable@vger.kernel.org
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[OP: backport of eeef0d9fd40 from branch linux-5.4.y of linux-stable]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>

Added Files:
------------
No.

Removed Files:
--------------
No.

Remaining Changes (diffstat):
-----------------------------
 security/selinux/hooks.c | 70 ++++++++++++++++++++++++++--------------
 1 file changed, 45 insertions(+), 25 deletions(-)

Testing Applicable to:
----------------------
intel-x86-64

Testing Commands:
-----------------
CONFIG_SECURITY_SELINUX=y
bitbake virtual/kernel

Testing, Expected Results:
--------------------------
Build OK. No build err/warning caused by this modification.

Conditions of submission:
-------------------------
Build OK. No build err/warning caused by this modification.
Boot in qemu OK.

Arch    built      boot     boardname
-------------------------------------
MIPS      n         n
MIPS64    n         n
MIPS64n32 n         n
ARM32     n         n
ARM64     n         n
x86       n         n
x86_64    y         n       intel-x86-64
PPC       n         n
PPC64     n         n
SPARC64   n         n
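
Added example, not part of the original message or of the kernel patch: a user-space C sketch of the behaviour the commit message describes, where a check applied only to the first netlink message in a buffer misses a later one. The local struct, the "type 2 is denied" policy, the helper names and the rejection of bad lengths are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same field layout as struct nlmsghdr, declared locally (assumption of this sketch). */
struct hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
#define HDRLEN    ((uint32_t)sizeof(struct hdr))
#define ALIGN4(n) (((n) + 3u) & ~3u)   /* 4-byte padding, as NLMSG_ALIGN does */

/* Hypothetical policy: message type 2 is denied, every other type is allowed. */
static int type_allowed(uint16_t type) { return type != 2; }

/* Behaviour before the fix: only the first message in the buffer is inspected. */
int check_first_only(const unsigned char *buf, size_t n)
{
    struct hdr h;
    if (n < HDRLEN) return -1;
    memcpy(&h, buf, sizeof h);
    return type_allowed(h.type) ? 0 : -1;
}

/* Behaviour after the fix: each message is parsed and checked in turn. */
int check_all(const unsigned char *buf, size_t n)
{
    while (n >= HDRLEN) {
        struct hdr h;
        memcpy(&h, buf, sizeof h);
        if (h.len < HDRLEN || h.len > n) return -1; /* sketch's choice: reject bad length */
        if (!type_allowed(h.type)) return -1;
        size_t step = ALIGN4(h.len);
        if (step > n) step = n;                     /* last message may lack padding */
        buf += step;
        n -= step;
    }
    return 0;
}

/* Append one header-only message (constructed sample data); returns the new offset. */
size_t put_msg(unsigned char *buf, size_t off, uint16_t type)
{
    struct hdr h = { HDRLEN, type, 0, 0, 0 };
    memcpy(buf + off, &h, sizeof h);
    return off + ALIGN4(HDRLEN);
}
```

For a buffer holding an allowed message followed by a denied one, check_first_only() returns 0 while check_all() returns -1.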




* Re: Review request for LIN1019-4731/LIN1018-6238 Security Advisory - linux - CVE-2020-10751
  2020-06-03  7:57 Review request for LIN1019-4731/LIN1018-6238 Security Advisory - linux - CVE-2020-10751 Ovidiu Panait
@ 2020-06-03  8:18 ` Greg Kroah-Hartman
  0 siblings, 0 replies; 2+ messages in thread
From: Greg Kroah-Hartman @ 2020-06-03  8:18 UTC (permalink / raw)
  To: Ovidiu Panait; +Cc: xiao.zhang, yue.tao, lpd-eng-rr, stable, Paul Moore

On Wed, Jun 03, 2020 at 10:57:00AM +0300, Ovidiu Panait wrote:
> Summary: Security Advisory - linux - CVE-2020-10751
> Tech Review: Xiao
> Gatekeeper: Yue Tao
> Lockdown Approval (if needed):
> Branch Tag: LTS19, LTS18
> 
> IP Statement (form link or license statement, usually automated):
> Crypto URL(s) (if needed): see http://wiki.wrs.com/PBUeng/LinuxProductDivisionExportProcess
> Parent Template (where applicable):
> 
> 
> -------------------------------------
> Impacted area             Impact y/n
> -------------------       -----------
> docs/tech-pubs                 n
> tests                          n
> build system                   n
> host dependencies              n
> RPM/packaging                  n
> toolchain                      n
> kernel code                    y
> user code                      n
> configuration files            n
> target configuration           n
> Other                          n
> Applicable to Yocto/upstream   n
> New Kernel Warnings            n
> 
> 
> Comments (indicate scope for each "y" above):
> ---------------------------------------------
> From 11d31c9c777c235630d9a72bf316f48c5036e609 Mon Sep 17 00:00:00 2001
> From: Paul Moore <paul@paul-moore.com>
> Date: Tue, 28 Apr 2020 09:59:02 -0400
> Subject: [PATCH] selinux: properly handle multiple messages in
>  selinux_netlink_send()
> 
> commit fb73974172ffaaf57a7c42f35424d9aece1a5af6 upstream.
> 
> Fix the SELinux netlink_send hook to properly handle multiple netlink
> messages in a single sk_buff; each message is parsed and subject to
> SELinux access control.  Prior to this patch, SELinux only inspected
> the first message in the sk_buff.
> 
> Cc: stable@vger.kernel.org
> Reported-by: Dmitry Vyukov <dvyukov@google.com>
> Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> Signed-off-by: Paul Moore <paul@paul-moore.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> [OP: backport of eeef0d9fd40 from branch linux-5.4.y of linux-stable]
> Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
> 
> Added Files:
> ------------
> No.
> 
> Removed Files:
> --------------
> No.
> 
> Remaining Changes (diffstat):
> -----------------------------
>  security/selinux/hooks.c | 70 ++++++++++++++++++++++++++--------------
>  1 file changed, 45 insertions(+), 25 deletions(-)
> 
> Testing Applicable to:
> ----------------------
> intel-x86-64
> 
> Testing Commands:
> -----------------
> CONFIG_SECURITY_SELINUX=y
> bitbake virtual/kernel
> 
> Testing, Expected Results:
> --------------------------
> Build OK. No build err/warning caused by this modification.
> 
> Conditions of submission:
> -------------------------
> Build OK. No build err/warning caused by this modification.
> Boot in qemu OK.
> 
> Arch    built      boot     boardname
> -------------------------------------
> MIPS      n         n
> MIPS64    n         n
> MIPS64n32 n         n
> ARM32     n         n
> ARM64     n         n
> x86       n         n
> x86_64    y         n       intel-x86-64
> PPC       n         n
> PPC64     n         n
> SPARC64   n         n

What is this message for?  What are we supposed to do with it?

confused,

greg k-h

