Bug 1709898 (CVE-2019-2054) - CVE-2019-2054 kernel: seccompass mechanism bypass
Summary: CVE-2019-2054 kernel: seccompass mechanism bypass
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-2054
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1709899
TreeView+ depends on / blocked
 
Reported: 2019-05-14 14:00 UTC by msiddiqu
Modified: 2021-03-03 14:38 UTC (History)
47 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's seccomp implementation which contained a method to bypass seccomp syscall filtering policies that allowed ptrace. This could allow an attacker with code execution privileges within the sandbox to use ptrace to execute systemcalls that would be filtered by the policy.
Clone Of:
Environment:
Last Closed: 2019-05-30 01:45:05 UTC
Embargoed:

Attachments (Terms of Use)

Description msiddiqu 2019-05-14 14:00:15 UTC 
The Linux kernels seccomp implementation contained a method to bypass seccomp syscall filtering policies that allowed ptrace.  This could allow an attacker with code execution priviledges within the sandbox to use ptrace to execute systemcalls that would be filtered by the policy.  The secuirty mechanism that is bypassed is standard 'seccomp' sandboxing, not operating system acls or permissions.

References:

https://source.android.com/security/bulletin/2019-05-01
Comment 4 Wade Mealing 2019-05-30 00:59:27 UTC 
At this time Red Hat Product security considers this more system-hardening than a flaw.

This behavior is clearly defined in the seccomp man page and there is a chance that systems may rely on that behavior.  
I will create public-facing "hardening" bugs for Red Hat Enterprise Linux kernels for 

: 6 (https://bugzilla.redhat.com/show_bug.cgi?id=1715268)
: 7 (https://bugzilla.redhat.com/show_bug.cgi?id=1715271)
: 7-alt (https://bugzilla.redhat.com/show_bug.cgi?id=1715272 )
: 8 (https://bugzilla.redhat.com/show_bug.cgi?id=1715436 )

Where interest can be voiced by customers/interested parties.
Note You need to log in before you can comment on or make changes to this bug.