oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2010-3086 kernel panic via futex

From: Eugene Teo <eugene () redhat com>
Date: Wed, 10 Nov 2010 11:08:52 +0800
Discovered by Tavis Ormandy, the exception fixup code for the __futex_atomic_op1, __futex_atomic_op2, and futex_atomic_cmpxchg-_inatomic() macros replaced the LOCK prefix with a NOP instruction. This can cause the exceptions to not match the exception table fault fixup. A local, unprivileged user could use this flaw to cause a denial of service. This is assigned with CVE-2010-3086. 

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3086
http://git.kernel.org/linus/9d55b9923a1b7ea8193b8875c57ec940dc2ff027

Thanks, Eugene
--
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
Previous By Date Next
Previous By Thread Next

Current thread: