Year 2038 time set problem

valdis.kletnieks at vt.edu
Sun Mar 4 13:31:04 EST 2018


On Sun, 04 Mar 2018 06:59:46 +0000, tali.perry at nuvoton.com said:
> It is not secure because it is not fixed for these issues:
> https://meltdownattack.com/

Note that saying "The CPU isn't vulnerable to Meltdown/Spectre, therefore
the 4.1 kernel is OK" is *incredibly* wrong.

For the record, since 4.1 came out, there's been at *least* a dozen security
issues in the Linux kernel that have been a *lot* scarier for security
professionals than the Meltdown/Spectre issue.  That only got any news coverage
because it was an actual hardware design flaw that was believed to be difficult
to easily fix with software changes...

For example, here's a partial list of known security issues fixed in *just* 4.14.8:

(You want the full list, it's here: https://www.cvedetails.com/vulnerability-list/vendor_id-33/product_id-47/cvssscoremin-7/cvssscoremax-7.99/Linux-Linux-Kernel.html

Looks like there were some 298 CVE numbers assigned to the Linux kernel
after the 4.1 release date.  Note that this does *NOT* include fixed bugs
that had security implications but were not assigned a CVE number)

CVE-2017-17857 The check_stack_boundary function in kernel/bpf/verifier.c in
the Linux kernel through 4.14.8 allows local users to cause a denial of service
(memory corruption) or possibly have unspecified other impact by leveraging
mishandling of invalid variable stack read operations.

CVE-2017-17856 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows
local users to cause a denial of service (memory corruption) or possibly have
unspecified other impact by leveraging the lack of stack-pointer alignment
enforcement.

CVE-2017-17855 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows
local users to cause a denial of service (memory corruption) or possibly have
unspecified other impact by leveraging improper use of pointers in place of
scalars.

CVE-2017-17854 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows
local users to cause a denial of service (integer overflow and memory
corruption) or possibly have unspecified other impact by leveraging
unrestricted integer values for pointer arithmetic.

CVE-2017-17853 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows
local users to cause a denial of service (memory corruption) or possibly have
unspecified other impact by leveraging incorrect BPF_RSH signed bounds
calculations.

CVE-2017-17852 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows
local users to cause a denial of service (memory corruption) or possibly have
unspecified other impact by leveraging mishandling of 32-bit ALU ops.

CVE-2017-17806 The HMAC implementation (crypto/hmac.c) in the Linux kernel
before 4.14.8 does not validate that the underlying cryptographic hash
algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based
hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm
(CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a
crafted sequence of system calls that encounter a missing SHA-3 initialization.

CVE-2017-17805 The Salsa20 encryption algorithm in the Linux kernel before
4.14.8 does not correctly handle zero-length inputs, allowing a local attacker
able to use the AF_ALG-based skcipher interface
(CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service
(uninitialized-memory free and kernel crash) or have unspecified other impact
by executing a crafted sequence of system calls that use the blkcipher_walk
API. Both the generic implementation (crypto/salsa20_generic.c) and x86
implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
