On 09/12/2018 02:34 PM, Greg KH wrote:
> On Tue, Sep 04, 2018 at 03:24:03PM +0000, Tyler Hicks wrote:
>> Hello - Two issues were reported to Ubuntu in the IRDA subsystem. IRDA is no
>> longer present in the upstream kernel as of 4.17 but the stable tree is
>> affected.
>
> Given that irda is broken in these trees, how can anyone even trigger
> these bugs? How is the code being loaded by a normal user?

I'm unaware about how broken irda is in these trees but opening an
AF_IRDA socket is sufficient for the reported issues:

$ uname -r
4.14.69+
$ lsmod | grep irda
$ cat irda.c
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>

int main(void)
{
    int fd;

    fd = socket(AF_IRDA, SOCK_SEQPACKET, 0);
    if (fd == -1) {
        perror("socket");
        return 1;
    }

    return 0;
}
$ gcc -o irda irda.c
$ ./irda
$ lsmod | grep irda
irda                  233472  0
crc_ccitt              16384  1 irda

Once you have the socket fd, you can perform operations on it to
manipulate the LM_IAS database and trigger these issues.

Tyler
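
Added example (not part of the message above and not from the kernel tree): the session shows irda being loaded on demand by socket(AF_IRDA, ...), which happens because the kernel asks modprobe for the alias net-pf-23. This sketch audits a modprobe.d directory for a rule that stops that autoload; the function name module_autoload_policy and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Classify how a modprobe.d directory treats a module:
#   install   - "install <mod> /bin/false" (or /bin/true): any modprobe of
#               the module, by name or by alias, runs the no-op instead
#   blacklist - "blacklist <mod>": the module's own aliases (net-pf-23 for
#               irda) are ignored, so alias-based autoload does not resolve
#   none      - nothing prevents the socket()-triggered autoload
module_autoload_policy() {
    dir=$1 mod=$2 result=none
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Commented-out rules never match: their first field starts with '#'.
        while read -r kw name cmd rest || [ -n "$kw" ]; do
            [ "$name" = "$mod" ] || continue
            case "$kw" in
                install)
                    case "$cmd" in
                        /bin/false|/bin/true) result=install ;;
                    esac ;;
                blacklist)
                    # An install override found anywhere takes precedence.
                    [ "$result" = install ] || result=blacklist ;;
            esac
        done < "$f"
    done
    echo "$result"
}

# Constructed sample configuration, not taken from a real system.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'blacklist irda' > "$demo/irda.conf"
echo "sample policy for irda: $(module_autoload_policy "$demo" irda)"
rm -rf "$demo"
```

On a live system the same function can be pointed at /etc/modprobe.d; a result of "none" on an affected stable kernel means the unprivileged socket() call shown above will still pull the module in.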