Bug 1178421

Summary: VUL-0: kernel-source: UAF in FONT ioctls
Product: [openSUSE] openSUSE Tumbleweed
Reporter: Jiri Slaby <jslaby>
Component: Kernel
Assignee: Jiri Slaby <jslaby>
Status: RESOLVED DUPLICATE
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P3 - Medium
CC: meissner
Version: Current
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Jiri Slaby 2020-11-04 08:49:48 UTC
FONT ioctls in the vt handling code are racy. They use fg_console without locks. That can lead to use after reads. Fixed by:
commit 90bfdeef83f1d6c696039b6a917190dcbbad3220
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Mon Oct 26 13:15:23 2020 -0700

    tty: make FONTX ioctl use the tty pointer they were actually passed

This will likely lead to some CVE...
Comment 1 Jiri Slaby 2020-11-04 12:02:27 UTC
(In reply to Jiri Slaby from comment #0)
> This will likely lead to some CVE...

Ah, so this is the bug.

*** This bug has been marked as a duplicate of bug 1178123 ***