Security-Announce archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

NetBSD Security Advisory 2023-003: Structure padding memory disclosures



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

		 NetBSD Security Advisory 2023-003
		 =================================

Topic:		Structure padding memory disclosures

Version:	NetBSD-current:		affected prior to 2021-09-09
		NetBSD 10.0_BETA:	unaffected
		NetBSD 9.3:		unaffected
		NetBSD 9.2:		affected
		NetBSD 9.1:		affected
		NetBSD 9.0:		affected
		NetBSD 8.2:		affected
		NetBSD 8.1:		affected
		NetBSD 8.0:		affected

Severity:	Kernel memory disclosure

Fixed:		NetBSD-current:		2021-09-09
		NetBSD-10 branch:	N/A
		NetBSD-9 branch:	2022-08-03
		NetBSD-8 branch:	2023-06-21

Please note that NetBSD releases prior to 8.2 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

Many system calls can disclose kernel memory due to structure padding.


Technical Details
=================

Many system that return structured data only initialized the fields of those
structures resulting in uninitialized memory bytes where padding was added
by the compiler for alignment purposes. These uninitialized bytes contain
random kernel memory data from the stack, which was copied to userland.


Solutions and Workarounds
=========================

There are pre-built binaries for all architectures and NetBSD versions at:

    https://nycdn.netbsd.org/pub/NetBSD-daily/

For example you can find the standard GENERIC kernel for NetBSD-9/amd64 at:

    https://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-9/latest/amd64/binary/kernel/netbsd-GENERIC.gz

Alternatively to build from source for all NetBSD versions, you
need to obtain fixed kernel sources, rebuild and install the new
kernel, and reboot the system.

The fixed source may be obtained from the NetBSD CVS repository. The
following instructions briefly summarize how to upgrade your kernel.
In these instructions, replace:

	ARCH     with your architecture (from uname -m), and
	KERNCONF with the name of your kernel configuration file.

To update from CVS, re-build, and re-install the kernel:

	# cd src
	# cvs update -dP src/sys
	# ./build.sh kernel=KERNCONF
	# mv /netbsd /netbsd.old
	# cp sys/arch/ARCH/compile/obj/KERNCONF/netbsd /netbsd
	# shutdown -r now

For more information on how to do this, see:

	https://www.NetBSD.org/docs/guide/en/chap-kernel.html


Thanks To
=========

Trend Micro for reporting the bug for the stat conversion functions
and Taylor Campbell for auditing the kernel for more instances.


Revision History
================

	2023-06-28	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at

	https://cdn.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2023-NNN.txt.asc

Information about NetBSD and NetBSD security can be found at

	https://www.NetBSD.org/
	https://www.NetBSD.org/Security/


Copyright 2023, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2023-003.txt,v 1.1 2023/06/28 15:32:44 christos Exp $
-----BEGIN PGP SIGNATURE-----

iQJQBAEBCAA6FiEEJxEzJivzXLUNT1BGiSYeF/XvSf8FAmScUp0cHHNlY3VyaXR5
LW9mZmljZXJAbmV0YnNkLm9yZwAKCRCJJh4X9e9J/zbMD/9+qgIOswCLofrvCtz3
DpRrJEPM01TN1ZDZKVdRlV8Y9v3xKsrm6usiDmNzb238L8c++xbGSeDJD8zJB8LF
zrecGdSLUl+ztPs7tnEm7JNx6EEFAXAWQ5Sbdd7bN66R0M+1+ohhVQkWZHtGIvjU
EiNiMDLN2PYVUQpfVihXZUNk8AcerBfvFKOZ5vfrhiqFWokWv+9SeyrF5zJt6hyT
wUuoS7PqJAUZ7eIw21jh9R7ijOQm83sdKe50JeXlia5Djdigzq6vqMk4d1JHm4xi
CBBHadachCVBUPzO0xURaSe5+3pvD0+8ZnqqjUwqrfQQa/QkfYaA8u+nFgqhC0PZ
Se5Jzm4BKLVBMWIEEf60LGpN+J/CRgu9OFwIAEtZFhH8aUsUjkYBQkGO6nrZdmtf
HfyH6UKcOBYrT+FWVpjH2P+ZpHTaeZPadZMQHfZeNCIoQlHkuq4NKVxBVQM0e+18
A1sO14tMY2GQi3nds2reEnNuru4kPlhSQnm1H4rjA3Bg+3hwFCGOB5kSZRRg9oZS
KxfLsehh0VDllXPKlQvrhdL+62KYPJWPq+u3w5f0YJUhdMApvURRmZuAMFpARFRG
k8cC51cMEKzvHpBEoN6DV22GT/fRZ/j6gvU6u/q1eC6OsFnsKXO5JhcvkU+MCysH
YbcR2Ko3ZcrFLimSv6FxfeEkGQ==
=gG7S
-----END PGP SIGNATURE-----


Home | Main Index | Thread Index | Old Index