
prlimit: do_prlimit needs to have a speculation check

Alex Gladkov requested to merge legionus/centos-stream-9:fix-bz-2196316 into main

Bugzilla: https://bugzilla.redhat.com/2196316
CVE: CVE-2023-0458
Upstream Status: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=739790605705ddcf18f21782b9c99ad7d53a8c11

commit 739790605705ddcf18f21782b9c99ad7d53a8c11
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri Jan 20 11:03:20 2023 +0100

prlimit: do_prlimit needs to have a speculation check

do_prlimit() adds the user-controlled resource value to a pointer that
will subsequently be dereferenced.  In order to help prevent this
codepath from being used as a spectre "gadget" a barrier needs to be
added after checking the range.

Reported-by: Jordy Zomer <jordyzomer@google.com>
Tested-by: Jordy Zomer <jordyzomer@google.com>
Suggested-by: Linus Torvalds <torvalds@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Signed-off-by: Alex Gladkov <agladkov@redhat.com>
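
The pattern the commit message describes (a range check followed by a barrier before the user-controlled value indexes a table), as an added user-space example that is not the kernel patch or code from this merge request. `NLIMITS`, `limits_table`, `clamp_index_nospec` and `lookup_limit` are hypothetical names, and the branch-free mask is modelled on the kernel's generic `array_index_nospec()` helper.

```c
#include <limits.h>
#include <stdio.h>

#define NLIMITS 16UL /* constructed stand-in for the kernel's resource count */

struct limit { unsigned long cur, max; };
static struct limit limits_table[NLIMITS]; /* hypothetical per-task table */

/*
 * Returns index when index < size, otherwise 0, without a branch the CPU
 * could mispredict. Assumes size <= LONG_MAX and an arithmetic right shift
 * of negative values (true for GCC and Clang).
 */
static unsigned long clamp_index_nospec(unsigned long index, unsigned long size)
{
	unsigned long mask;

	/* Hide the value from the optimizer so the mask is not folded away
	 * once the caller's bounds check has proven index < size. */
	__asm__ volatile("" : "+r"(index));
	/* Sign bit of (index | (size - 1 - index)) is set only when out of range. */
	mask = (unsigned long)(~(long)(index | (size - 1UL - index))
			       >> (sizeof(long) * CHAR_BIT - 1));
	return index & mask;
}

/* Hypothetical lookup shaped like the code path in the commit message. */
static int lookup_limit(unsigned long resource, struct limit *out)
{
	if (resource >= NLIMITS)
		return -1; /* architectural range check */
	/* Speculation check: even if the branch above is mispredicted,
	 * the index used for the load below stays inside the table. */
	resource = clamp_index_nospec(resource, NLIMITS);
	*out = limits_table[resource];
	return 0;
}

int main(void)
{
	struct limit l = {0, 0};
	int rc;

	limits_table[7].cur = 1024; /* constructed sample value */
	rc = lookup_limit(7, &l);
	printf("resource 7:  rc=%d cur=%lu\n", rc, l.cur);
	printf("resource 16: rc=%d\n", lookup_limit(16, &l));
	return 0;
}
```

The empty `asm` statement is a GCC/Clang extension; without it the compiler may prove the index is already in range after the `if` and delete the masking.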
