Re: CVE Request: Linux kernel LDT handling bugs

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> 1. espfix64 is designed to double-fault and recover on failures. This
> worked great for #GP and #NP, but it didn't work for #SS.

> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f442be2fb22be02cafa606f1769fa1e6f894441

Use CVE-2014-9090.


> 2. When trying and failing to return directly to userspace from IST
> context

> I'm not sure that this one is even worthy of a CVE.

There is currently no CVE ID for finding 2.


> 3. When the kernel tried and failed to return directly to userspace
> from IST context and espfix64 was *not* involved

> It's also harmless unless an attacker can persuade the kernel to
> corrupt its stack, and that is unlikely to happen by itself.

There is currently no CVE ID for finding 3.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUdYDIAAoJEKllVAevmvms0TIH/its/p32/ROv6gtP0xdrtKkO
cDWFeEZyBcGKeIHjccURiRZZXMwAgAuVvY+FmScPw+Dg0YrMcU4G7rAD/3USDo5v
RN8V+RRPzwfawdVPMery46H4JbWZm1KCujXN8r4RtbAfrWnq/KnyaT0PNMFuFcat
u/YCZpKacaDH1hBMKgoVaWgJzmIwZSDdDdE0HvN25/A7lTWg3Bm1SQPUxxdhduup
EkO6aE2JKwexS5hQi+Nr+2djtt8DMbsWKVGmxXTZ0UY3jOcyS/o6g6cCpPD1G8Nx
jNiNUznCdL9kqiARlNYwwHp5DczswjVAoLKh/pRJL7HvN6pjqdhYjCZUc/VG7G8=
=OQfC
-----END PGP SIGNATURE-----