MIRRORS/linux-imx
1
0
Fork 0
mirror of https://github.com/nxp-imx/linux-imx.git synced 2026-06-25 11:43:20 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
1bb0aca1e0
linux-imx/security
History
Sasha Levin 1bb0aca1e0 KEYS: close race between key lookup and freeing 
commit a3a8784454 upstream.

When a key is being garbage collected, it's key->user would get put before
the ->destroy() callback is called, where the key is removed from it's
respective tracking structures.

This leaves a key hanging in a semi-invalid state which leaves a window open
for a different task to try an access key->user. An example is
find_keyring_by_name() which would dereference key->user for a key that is
in the process of being garbage collected (where key->user was freed but
->destroy() wasn't called yet - so it's still present in the linked list).

This would cause either a panic, or corrupt memory.

Fixes CVE-2014-9529.

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
2015-01-29 15:45:09 +01:00
..
apparmor apparmor: fix bad lock balance when introspecting policy 2013-10-16 11:54:01 +11:00
integrity evm: check xattr value length and type in evm_inode_setxattr() 2014-11-13 19:02:14 +01:00
keys KEYS: close race between key lookup and freeing 2015-01-29 15:45:09 +01:00
selinux selinux: fix inode security list corruption 2014-11-13 19:02:18 +01:00
smack Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2013-09-07 14:34:07 -07:00
tomoyo Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
yama yama: Better permission check for ptraceme 2013-03-26 13:17:58 -07:00
capability.c xattr: Constify ->name member of "struct xattr". 2013-07-25 19:30:03 +10:00
commoncap.c CAPABILITIES: remove undefined caps from all processes 2014-09-17 16:55:03 +02:00
device_cgroup.c device_cgroup: check if exception removal is allowed 2014-06-09 15:53:24 +02:00
inode.c securityfs: fix object creation races 2012-01-10 10:20:35 -05:00
Kconfig KEYS: Move the key config into security/keys/Kconfig 2012-05-11 10:56:56 +01:00
lsm_audit.c LSM: BUILD_BUG_ON if the common_audit_data union ever grows 2012-04-09 12:23:03 -04:00
Makefile security: Yama LSM 2012-02-10 09:18:52 +11:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c xattr: Constify ->name member of "struct xattr". 2013-07-25 19:30:03 +10:00