Описание
In the Linux kernel, the following vulnerability has been resolved:
x86/signal: Detect and prevent an alternate signal stack overflow
The kernel pushes context on to the userspace stack to prepare for the user's signal handler. When the user has supplied an alternate signal stack, via sigaltstack(2), it is easy for the kernel to verify that the stack size is sufficient for the current hardware context.
Check if writing the hardware context to the alternate stack will exceed it's size. If yes, then instead of corrupting user-data and proceeding with the original signal handler, an immediate SIGSEGV signal is delivered.
Refactor the stack pointer check code from on_sig_stack() and use the new helper.
While the kernel allows new source code to discover and use a sufficient alternate signal stack size, this check is still necessary to protect binaries with insufficient alternate signal stack size from data corruption.
In the Linux kernel, the following vulnerability has been resolved:
x86/signal: Detect and prevent an alternate signal stack overflow
The kernel pushes context on to the userspace stack to prepare for the user's signal handler. When the user has supplied an alternate signal stack, via sigaltstack(2), it is easy for the kernel to verify that the stack size is sufficient for the current hardware context.
Check if writing the hardware context to the alternate stack will exceed it's size. If yes, then instead of corrupting user-data and proceeding with the original signal handler, an immediate SIGSEGV signal is delivered.
Refactor the stack pointer check code from on_sig_stack() and use the new helper.
While the kernel allows new source code to discover and use a sufficient alternate signal stack size, this check is still necessary to protect binaries with insufficient alternate signal stack size from data corruption.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-47326
- https://git.kernel.org/stable/c/00fcd8f33e9b9f57115c3b1cfc4cb96450c18796
- https://git.kernel.org/stable/c/2beb4a53fc3f1081cedc1c1a198c7f56cc4fc60c
- https://git.kernel.org/stable/c/74569cb9ed7bc60e395927f55d3dc3be143a0164
- https://git.kernel.org/stable/c/74d6fcea1d896800e60f1c675137efebd1a6c9a6
- https://git.kernel.org/stable/c/afb04d0b5543a5bf8e157b9119fbfc52606f4c11
CVE ID
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.