Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option
Bug #1972740 reported by
Thadeu Lima de Souza Cascardo
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Committed
|
High
|
Unassigned | ||
Xenial |
Triaged
|
High
|
Thadeu Lima de Souza Cascardo | ||
Bionic |
Fix Released
|
High
|
Thadeu Lima de Souza Cascardo | ||
Focal |
Fix Released
|
High
|
Unassigned | ||
Impish |
Fix Released
|
High
|
Thadeu Lima de Souza Cascardo | ||
Jammy |
Fix Released
|
High
|
Unassigned |
Bug Description
[Impact]
PTRACE_
[Test case]
Run the reproducer from https:/
[Potential regression]
This may break ptrace users, specially ones using PTRACE_SEIZE or PTRACE_SETOPTIONS. Special attention to processes being sandboxed with seccomp.
CVE References
Changed in linux (Ubuntu Jammy): | |
status: | New → Fix Committed |
Changed in linux (Ubuntu Focal): | |
status: | New → Fix Committed |
Changed in linux (Ubuntu Impish): | |
status: | New → In Progress |
assignee: | nobody → Thadeu Lima de Souza Cascardo (cascardo) |
Changed in linux (Ubuntu Bionic): | |
status: | New → In Progress |
assignee: | nobody → Thadeu Lima de Souza Cascardo (cascardo) |
Changed in linux (Ubuntu Xenial): | |
status: | New → Triaged |
assignee: | nobody → Thadeu Lima de Souza Cascardo (cascardo) |
importance: | Undecided → High |
Changed in linux (Ubuntu Bionic): | |
importance: | Undecided → High |
Changed in linux (Ubuntu Focal): | |
importance: | Undecided → High |
Changed in linux (Ubuntu Impish): | |
importance: | Undecided → High |
Changed in linux (Ubuntu Jammy): | |
importance: | Undecided → High |
Changed in linux (Ubuntu): | |
importance: | Undecided → High |
status: | New → Fix Committed |
information type: | Public → Public Security |
Changed in linux (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Impish): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done-jammy removed: verification-needed-jammy |
tags: |
added: verification-done-focal removed: verification-needed-focal |
tags: |
added: verification-done-impish removed: verification-needed-impish |
tags: |
added: verification-done-bionic removed: verification-needed-bionic |
To post a comment you must log in.
This bug is awaiting verification that the linux/4. 15.0-179. 188 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- bionic' to 'verification- done-bionic' . If the problem still exists, change the tag 'verification- needed- bionic' to 'verification- failed- bionic' .
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!