Hi, the following patch was backported to the following LTS kernels - >=3.16.35 - >=3.12.33 - >=3.10.60 - >=3.4.106 however it is missing from LTS kernels - linux-3.2 > From 0d0826019e529f21c84687521d03f60cd241ca7d Mon Sep 17 00:00:00 2001 > From: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> > Date: Wed, 8 Oct 2014 10:42:27 -0700 > Subject: [PATCH] mnt: Prevent pivot_root from creating a loop in the mount > tree > > Andy Lutomirski recently demonstrated that when chroot is used to set > the root path below the path for the new ``root'' passed to pivot_root > the pivot_root system call succeeds and leaks mounts. > > In examining the code I see that starting with a new root that is > below the current root in the mount tree will result in a loop in the > mount tree after the mounts are detached and then reattached to one > another. Resulting in all kinds of ugliness including a leak of that > mounts involved in the leak of the mount loop. > > Prevent this problem by ensuring that the new mount is reachable from > the current root of the mount tree. > > [Added stable cc. Fixes CVE-2014-7970. --Andy] > > Cc: stable@xxxxxxxxxxxxxxx > Reported-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx> > Reviewed-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx> > Link: http://lkml.kernel.org/r/87bnpmihks.fsf@xxxxxxxxxxxxxxxxxxxxx > Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> > Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxxxxxx> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d Ubuntu is carrying the patch with additional (required?) patches, see https://launchpad.net/ubuntu/+source/linux/3.2.0-77.112 -- Regards, Thomas
Attachment:
signature.asc
Description: OpenPGP digital signature