Linux Kernel Ptrace Dumpability Logic Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ptrace implementation has been addressed, specifically regarding the 'dumpability' logic of tasks. The issue arose because the dumpability concept, which relates to whether a task can create a core dump, was improperly applied to kernel threads that lack a memory management (mm) context. This misapplication allowed the ptrace_may_access() function to access kernel thread details in a way that bypassed standard permission checks. The vulnerability has been resolved by refining the logic to ensure that only tasks with an appropriate mm pointer are considered dumpable, while still allowing privileged users to access necessary kernel thread information under controlled conditions.
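Added example (not part of the original advisory and not kernel code): a small C helper for telling kernel threads apart from user tasks from userspace, using the task flags field of /proc/<pid>/stat. It assumes PF_KTHREAD is 0x00200000 as defined in include/linux/sched.h; the function names are hypothetical and chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: kernel-thread bit in task flags, as in include/linux/sched.h.
 * It is a userspace-visible proxy for "kernel thread", not the mm pointer. */
#define PF_KTHREAD 0x00200000UL

/* Classify one /proc/<pid>/stat line: 1 = kernel thread, 0 = user task,
 * -1 = malformed. comm (field 2) may contain spaces and ')' itself, so the
 * remaining fields are located from the LAST ')' in the line. */
int stat_is_kthread(const char *line)
{
    const char *p = strrchr(line, ')');
    char state;
    long ppid, pgrp, session, tty, tpgid;
    unsigned long flags;

    if (p == NULL)
        return -1;
    /* fields 3..9: state ppid pgrp session tty_nr tpgid flags */
    if (sscanf(p + 1, " %c %ld %ld %ld %ld %ld %lu", &state, &ppid, &pgrp,
               &session, &tty, &tpgid, &flags) != 7)
        return -1;
    return (flags & PF_KTHREAD) ? 1 : 0;
}

/* Classify a live task by PID; -1 if /proc/<pid>/stat cannot be read. */
int pid_is_kthread(int pid)
{
    char path[64], buf[1024];
    int r = -1;
    FILE *f;

    snprintf(path, sizeof path, "/proc/%d/stat", pid);
    if ((f = fopen(path, "r")) == NULL)
        return -1;
    if (fgets(buf, sizeof buf, f) != NULL)
        r = stat_is_kthread(buf);
    fclose(f);
    return r;
}

int main(int argc, char **argv)
{
    int pid = argc > 1 ? atoi(argv[1]) : 2; /* PID 2 is normally kthreadd */
    printf("pid %d -> %d\n", pid, pid_is_kthread(pid));
    return 0;
}
```

Tasks classified as 1 are the kernel threads the advisory refers to; tools that inventory or audit ptrace access on a host can use this to treat them separately from ordinary processes.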

Impact

The vulnerability could have led to improper access to kernel thread details via ptrace, potentially allowing a user with root privileges to misuse this information.

Reproduction

The vulnerability could be reproduced by using the ptrace_may_access() function to access kernel threads that do not have an associated memory management context. This could be done by a user with root privileges, who could bypass the usual permission checks and access details that should be protected.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: May 15, 2026, 2:20 PM
Updated: May 15, 2026, 2:20 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 8.4
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.