Laszlo Ersek requested to merge lersek/kernel:tun-tap-sk_uid-rhel9-2229506 into main Aug 07, 2023

Merge Request Required Information

Summary of Changes

Upstream cover letter (captured in merge commit 666c135b2d859a00ee74c8645b2affacfae45421):

tun/tap: set sk_uid from current_fsuid()

The original patches fixing CVE-2023-1076 are incorrect in my opinion.
This small series fixes them up; see the individual commit messages for
explanation.

I have a very elaborate test procedure demonstrating the problem for
both tun and tap; it involves libvirt, qemu, and "crash". I can share
that procedure if necessary, but it's indeed quite long (I wrote it
originally for our QE team).

The patches in this series are supposed to "re-fix" CVE-2023-1076; given
that said CVE is classified as Low Impact (CVSSv3=5.5), I'm posting this
publicly, and not suggesting any embargo. Red Hat Product Security may
assign a new CVE number later.

I've tested the patches on top of v6.5-rc4, with "crash" built at commit
c74f375e0ef7.

Approved Development Ticket

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2229506

CVE: CVE-2023-4194

Signed-off-by: Laszlo Ersek lersek@redhat.com

Edited Aug 07, 2023 by Laszlo Ersek

tun/tap: set sk_uid from current_fsuid()

Merge Request Required Information

Summary of Changes

Approved Development Ticket

Merge request reports