On 09/12/2018 02:34 PM, Greg KH wrote:
> On Tue, Sep 04, 2018 at 03:24:03PM +0000, Tyler Hicks wrote:
>> Hello - Two issues were reported to Ubuntu in the IRDA subsystem. IRDA is no longer present in the upstream kernel as of 4.17 but the stable tree is affected.
>
> Given that irda is broken in these trees, how can anyone even trigger these bugs? How is the code being loaded by a normal user?
I'm unaware of how broken irda is in these trees, but opening an AF_IRDA socket is sufficient for the reported issues:

$ uname -r
4.14.69+
$ lsmod | grep irda
$ cat irda.c
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>

int main(void)
{
        int fd;

        fd = socket(AF_IRDA, SOCK_SEQPACKET, 0);
        if (fd == -1) {
                perror("socket");
                return 1;
        }

        return 0;
}
$ gcc -o irda irda.c
$ ./irda
$ lsmod | grep irda
irda 233472 0
crc_ccitt 16384 1 irda

Once you have the socket fd, you can perform operations on it to manipulate the LM_IAS database and trigger these issues.
Tyler
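
Whether the unprivileged socket() call shown above pulls in irda depends on the module autoload configuration. As an added example (not part of the original thread), this shell function checks modprobe.d-style files for the directives that stop the kernel's net-pf-23 request (AF_IRDA is protocol family 23 on Linux) from loading irda; the function name and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reports whether modprobe.d-style
# configuration prevents socket(AF_IRDA, ...) from autoloading irda.
# The kernel requests the alias "net-pf-23" for this protocol family.

# irda_autoload_status FILE...  ->  "blocked: <reason>" or "autoloadable"
irda_autoload_status() {
    awk '
        # Drop comments; modprobe treats "-" and "_" alike in names.
        { sub(/#.*/, ""); name = $2; gsub(/-/, "_", name) }
        r { next }                      # first blocking directive wins
        # install override that runs a no-op instead of loading the module
        $1 == "install" && name == "irda" && $3 ~ /(^|\/)(false|true)$/ {
            r = "install irda " $3 }
        # blacklist: the module internal aliases (net-pf-23) are ignored;
        # an explicit "modprobe irda" by root would still load it
        $1 == "blacklist" && name == "irda" { r = "blacklist irda" }
        # alias redirect to a name that is not the irda module
        $1 == "alias" && name == "net_pf_23" && $3 != "irda" {
            r = "net-pf-23 aliased to " $3 }
        END { print (r ? "blocked: " r : "autoloadable") }
    ' "$@"
}

# Constructed sample configuration (not taken from any real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# rare protocol families
alias net-pf-23 off
EOF
irda_autoload_status "$sample"
rm -f "$sample"
```

On a live system, pass the real files instead, for example irda_autoload_status /etc/modprobe.d/*.conf.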