CVE-2016-4470 Patch information
Patch for CVE
The description states:
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
Questions:
Since the root cause of this CVE is that __key_link_begin fails, and the variable edit is uninitialized, the method to fix this problem is to detect such a failure of __key_link_begin. From my knowledge, link_ret is the return value of __key_link_begin(); the patch adds one condition (link_ret == 0) to verify whether __key_link_begin fails or not.
I think it should not involve a race condition here. My guess is from the stack trace shown in the patch
Please refer to the answer of Question 1.
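The cleanup path discussed in the answer above, as an added example that is not part of the original post or the kernel source: a userspace C model in which a sentinel pointer stands in for the uninitialized edit variable, so the effect of the link_ret == 0 check can be observed without undefined behaviour. The names edit_model, model_link_begin, model_link_end and reject_and_link are hypothetical, and the pre-patch cleanup condition is modelled as checking only that a keyring was supplied.

```c
/* Userspace model of the key_reject_and_link() cleanup path; not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

struct edit_model { int token; };      /* stands in for the kernel's edit structure */
static struct edit_model poison;       /* models leftover stack contents */
static struct edit_model real_edit;    /* what a successful begin hands back */
static bool end_saw_stale_edit;        /* set when cleanup gets a pointer begin never wrote */

/* Model of __key_link_begin(): writes *edit only on success. */
static int model_link_begin(bool fail, struct edit_model **edit)
{
    if (fail)
        return -ENOMEM;                /* *edit is left untouched on failure */
    *edit = &real_edit;
    return 0;
}

/* Model of the cleanup call: the kernel would dereference edit at this point. */
static void model_link_end(struct edit_model *edit)
{
    if (edit == &poison)
        end_saw_stale_edit = true;
}

/* Returns true if cleanup consumed an edit pointer that was never initialized. */
bool reject_and_link(bool have_keyring, bool begin_fails, bool patched)
{
    struct edit_model *edit = &poison; /* deterministic stand-in for "uninitialized" */
    int link_ret = 0;

    end_saw_stale_edit = false;
    if (have_keyring)
        link_ret = model_link_begin(begin_fails, &edit);

    /* key state update elided; the patch adds link_ret == 0 to the check below */
    if (patched ? (have_keyring && link_ret == 0) : have_keyring)
        model_link_end(edit);
    return end_saw_stale_edit;
}

int main(void)
{
    printf("unpatched, begin fails: stale edit used = %d\n", reject_and_link(true, true, false));
    printf("patched,   begin fails: stale edit used = %d\n", reject_and_link(true, true, true));
    printf("patched,   begin ok:    stale edit used = %d\n", reject_and_link(true, false, true));
    return 0;
}
```
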