On Tue, May 29, 2018 at 03:08:54PM -0700, Andrew Morton wrote: > On Tue, 29 May 2018 10:56:48 -0300 Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxx> wrote: > > > It's possible to overflow the offset to get a negative value, which might > > crash the system, or possibly leak kernel data. > > I think the missing information here is "when registering a new > binfmt_misc binary type", yes? > Yes, when registering a new type. [...] > > Cc: stable@xxxxxxxxxxxxxxx > > Registering a handler is a priveleged operation. As such, I don't > think a -stable backport is needed? > Not when we take containers in mind. We might question the permission to mount a binfmt_misc inside a container, that may already have left open other ways of exploiting the system. But I would rather see this closed on my stable systems. Cascardo.
