1709898 – (CVE-2019-2054) CVE-2019-2054 kernel: seccompass mechanism bypass

Bug 1709898 (CVE-2019-2054) - CVE-2019-2054 kernel: seccompass mechanism bypass

Summary: CVE-2019-2054 kernel: seccompass mechanism bypass

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2019-2054
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1709899
TreeView+	depends on / blocked

Reported:	2019-05-14 14:00 UTC by msiddiqu
Modified:	2021-03-03 14:38 UTC (History)
CC List:	47 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Linux kernel's seccomp implementation which contained a method to bypass seccomp syscall filtering policies that allowed ptrace. This could allow an attacker with code execution privileges within the sandbox to use ptrace to execute systemcalls that would be filtered by the policy.
Clone Of:
Environment:
Last Closed:	2019-05-30 01:45:05 UTC

Attachments	(Terms of Use)

Description msiddiqu 2019-05-14 14:00:15 UTC

The Linux kernels seccomp implementation contained a method to bypass seccomp syscall filtering policies that allowed ptrace.  This could allow an attacker with code execution priviledges within the sandbox to use ptrace to execute systemcalls that would be filtered by the policy.  The secuirty mechanism that is bypassed is standard 'seccomp' sandboxing, not operating system acls or permissions.

References:

https://source.android.com/security/bulletin/2019-05-01

Comment 4 Wade Mealing 2019-05-30 00:59:27 UTC

At this time Red Hat Product security considers this more system-hardening than a flaw.

This behavior is clearly defined in the seccomp man page and there is a chance that systems may rely on that behavior.  
I will create public-facing "hardening" bugs for Red Hat Enterprise Linux kernels for 

: 6 (https://bugzilla.redhat.com/show_bug.cgi?id=1715268)
: 7 (https://bugzilla.redhat.com/show_bug.cgi?id=1715271)
: 7-alt (https://bugzilla.redhat.com/show_bug.cgi?id=1715272 )
: 8 (https://bugzilla.redhat.com/show_bug.cgi?id=1715436 )

Where interest can be voiced by customers/interested parties.

Note You need to log in before you can comment on or make changes to this bug.

acaringi
airlied
bhu
blc
brdeoliv
bskeggs
cscribne
dbaker
dhoward
dvlasenk
esammons
fhrbata
hdegoede
hkrzesin
iboverma
ichavero
itamar
jarodwilson
jeremy
jforbes
jglisse
jkacur
john.j5live
jonathan
josef
jross
jstancek
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
linville
matt
mchehab
mcressma
mjg59
mlangsdo
nmurray
plougher
pmatouse
rt-maint
rvrbovsk
security-response-team
steved
williams
wmealing