UBUNTU-CVE-2015-1593

Description

The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.

Affected Systems

• ubuntu•linux

  < 3.13.0-49.81

• ubuntu•linux-azure

  all

• ubuntu•linux-azure-6.11

  all

• ubuntu•linux-azure-fde

  all

• ubuntu•linux-azure-fde-5.15

  all

• ubuntu•linux-gcp

  all

• ubuntu•linux-gcp-6.11

  all

• ubuntu•linux-gke

  all

• ubuntu•linux-gkeop

  all

• ubuntu•linux-hwe

  all

• ubuntu•linux-hwe-6.11

  all

• ubuntu•linux-hwe-edge

  all

• ubuntu•linux-intel-iot-realtime

  all

• ubuntu•linux-lowlatency-hwe-6.11

  all

• ubuntu•linux-lts-utopic

  < 3.16.0-34.45~14.04.1

• ubuntu•linux-raspi-realtime

  all

• ubuntu•linux-raspi2

  all

• ubuntu•linux-realtime

  all | all

• ubuntu•linux-riscv

  all | all | all

References (11)

• https://ubuntu.com/security/CVE-2015-1593
• http://www.openwall.com/lists/oss-security/2015/02/13/13
• http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
• http://hmarco.org/bugs/patches/fix_randomize_stack_top_properly_linux_3-17.1.patch
• https://ubuntu.com/security/notices/USN-2560-1
• https://ubuntu.com/security/notices/USN-2561-1
• https://ubuntu.com/security/notices/USN-2562-1
• https://ubuntu.com/security/notices/USN-2563-1
• https://ubuntu.com/security/notices/USN-2564-1
• https://ubuntu.com/security/notices/USN-2565-1
• https://www.cve.org/CVERecord?id=CVE-2015-1593