Re: [kernel-hardening] 2015 kernel CVEs

From: Ben Hutchings
Date: Tue Jan 19 2016 - 11:32:31 EST


On Tue, 2016-01-19 at 14:28 +0300, Dan Carpenter wrote:
> I like to look back over old CVEs to see how we could do better. Here
> is the list from 2015. I got most of this information from the Ubuntu
> CVE tracker. Thanks Ubuntu! If it doesn't have a hash that means it
> might not be fixed yet.
[...]
> CVE-2013-2015 0e9a9a1ad619: ext4: hang during mount
[...]

That's not *from* 2015.

You missed a few recent ones:

CVE-2015-7566 : Crash on invalid USB device descriptors in visor driver
CVE-2015-8550 54d5d882c7e4, 0f589967a73f, 68a33bfd8403, 1f13d75ccb80, 18779149101c, be69746ec12f, 8135cf8b0927: paravirtualized drivers incautious about shared memory contents
CVE-2015-8551 56441f3c8e5b, 5e0ce1455c09, a396f3a210c3, 7cfb905b9638, 408fb0e5aa7f: Linux pciback missing sanity checks leading to crash
CVE-2015-8552 56441f3c8e5b, 5e0ce1455c09, a396f3a210c3, 7cfb905b9638, 408fb0e5aa7f: Linux pciback missing sanity checks leading to crash

(There's some subtle distinction between the last two.)

[...]
> There were only a couple of CVEs that look like they came from a filesystem
> fuzzer where you create corrupt filesystems and then try to use them.
> There was only one that might have come from a USB fuzzer. We probably
> should be testing those things better.

I think that hardening filesystems is a losing battle. We can fuzz
with and protect against invalid static filesystem images, but the full
problem includes malicious removable storage devices that can exploit
TOCTTOU issues. We should probably be encouraging distributions to
mount removable devices using FUSE and to run the filesystem code with
minimal privileges.

As for USB descriptors, I'm somewhat more hopeful about hardening. At
the same time, it seems like it should be practical to put more
low-performance USB drivers into userspace.

[...]
> A lot of the bugs are just really complicated things with funny corner
> cases, namespace issues or people just made a mistake in the logic and
> it's hard to do anything about it.

We can add chicken bits so that admins who don't need certain features
can turn them off (or, inversely, those who do need them will need to
turn them on).

Ben.

--
Ben Hutchings
Horngren's Observation:
Among economists, the real world is often a special case.
