Date: Thu, 13 Jan 2022 16:23:23 -0800 From: Gordon Tetlow <gordon@tetlows.org> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-22:01.vt Message-ID: <CAKghNw3V_CdBFFgpJYbfrcD2213AdsyBLf41skcgB0CjObxkKw@mail.gmail.com> In-Reply-To: <20220114001912.F2F6D770A@freefall.freebsd.org> References: <20220114001912.F2F6D770A@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Sorry for the delay in sending this to the security mailing list. Since the mailing list change over, we've had a few hiccups on delivery to the lists and with this email, we should hopefully be back to a state where we consistently deliver. Again, apologies for the weirdness, but I believe we have ironed out all the wrinkles and will be in a better spot going forward. Thanks to the postmaster team for the work in getting this all sorted. Gordon Hat: security-officer On Thu, Jan 13, 2022 at 4:19 PM FreeBSD Security Advisories <security-advisories@freebsd.org> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > ============================================================================= > FreeBSD-SA-22:01.vt Security Advisory > The FreeBSD Project > > Topic: vt console buffer overflow > > Category: kernel > Module: vt > Announced: 2022-01-11 > Credits: Oleg Bulyzhin > Affects: FreeBSD 12.2 and FreeBSD 13.0 > Corrected: 2021-09-22 18:41:00 UTC (stable/13, 13.0-STABLE) > 2022-01-11 18:15:03 UTC (releng/13.0, 13.0-RELEASE-p6) > 2021-09-25 18:15:49 UTC (stable/12, 12.2-STABLE) > 2022-01-11 18:33:21 UTC (releng/12.2, 12.2-RELEASE-p12) > CVE Name: CVE-2021-29632 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:https://security.FreeBSD.org/>. > > I. Background > > FreeBSD's system console is provided by the vt(4) virtual terminal console > driver. > > II. Problem Description > > Under certain conditions involving use of the highlight buffer while > text is scrolling on the console, console data may overwrite data > structures associated with the system console or other kernel memory. > > III. Impact > > Users with access to the system console may be able to cause system > misbehaviour. > > IV. Workaround > > No workaround is available. > > V. Solution > > Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date, > and reboot. > > Perform one of the following: > > 1) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the amd64, i386, or > (on FreeBSD 13 and later) arm64 platforms can be updated via the > freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > # shutdown -r +10min "Rebooting for a security update" > > 2) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch https://security.FreeBSD.org/patches/SA-22:01/vt.patch > # fetch https://security.FreeBSD.org/patches/SA-22:01/vt.patch.asc > # gpg --verify vt.patch.asc > > b) Apply the patch. Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile your kernel as described in > <URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the > system. > > VI. Correction details > > This issue is corrected by the corresponding Git commit hash or Subversion > revision number in the following stable and release branches: > > Branch/path Hash Revision > - ------------------------------------------------------------------------- > stable/13/ 9352de39c3dc stable/13-n247428 > releng/13.0/ 3e0a1e124169 releng/13.0-n244773 > stable/12/ r370674 > releng/12.2/ r371491 > - ------------------------------------------------------------------------- > > For FreeBSD 13 and later: > > Run the following command to see which files were modified by a > particular commit: > > # git show --stat <commit hash> > > Or visit the following URL, replacing NNNNNN with the hash: > > <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>; > > To determine the commit count in a working tree (for comparison against > nNNNNNN in the table above), run: > > # git rev-list --count --first-parent HEAD > > For FreeBSD 12 and earlier: > > Run the following command to see which files were modified by a particular > revision, replacing NNNNNN with the revision number: > > # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base > > Or visit the following URL, replacing NNNNNN with the revision number: > > <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; > > VII. References > > <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29632>; > > The latest revision of this advisory is available at > <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:01.vt.asc>; > -----BEGIN PGP SIGNATURE----- > > iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmHd1f4ACgkQ05eS9J6n > 5cIgEBAAkXpnKSElsT96dj4RYWJLkqB4+OBkGoOGrsZj8zd5Ei85oohhL38xiYAE > jQpSwblgYCqmOxRL4hGgKN6fBPMnc/zXCdZhJzAfgkKXsn4eY5mObN1jus7owsmC > RnFNOLSr1VVJZs8H1RAeAjJT2I6DF0oLb/f1u3ik+bPFJ8Y4hvPEliSH7rpzVBq7 > hpmiH1HxAArVwtJ15N+7u6vNUce57dWSh4NzPHLduzMRpatPKVqtkC7UJIvqisxl > bQTK46MYo454SgbZjRPistwnV9NFKjuKy5Rh38/FURbnBxg8w2HVkabidMy5lJyU > geSOvV4wc2LraRdSvJHZlNXu1BJKnPpTpsl6XNr8ePzAl9rRPjZKo8cEBMmTlqK0 > KdMeKsf1OfspA/8L6mCpg4NDeOoHktCrICWTi4/E6nGX/e1hZrCXKcxf0KYbhcfO > xNvrYtKkCtCbEnbzZbW6rjY/RAmRwwMNngVw2FWRuSWU6BCmfKZndUXFO7aghj6Q > JKISfctwtcHWn/QzI2BN9pNWZlzAJ8BfxR+/bV6VJNuRILOhrvgjnUzpies1xv7z > GRN9JlpxzqihhlX8JED7jDOm99YflEG0Ep7Cr1OYXLDVx1xxh8dQLCOwl5qjnKgd > ELae8IKnUn5pI1Og44AsjY9xWOvxxz28luwFxsbYf+3UMo6M4eE= > =hcWy > -----END PGP SIGNATURE----- >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKghNw3V_CdBFFgpJYbfrcD2213AdsyBLf41skcgB0CjObxkKw>