oss-sec mailing list archives
Re: CVE Request: Linux kernel execution in the early microcode loader.
From: cve-assign () mitre org
Date: Fri, 20 Mar 2015 19:26:37 -0400 (EDT)
The Linux kernel Intel early microcode loader was vulnerable to a stack overflow.
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4

Our understanding of the discussion is, very roughly:

- given the design goals of this part of the Linux kernel, it is reasonable for someone (who has a realistic use case for the Linux kernel code) to assert that this stack overflow crosses privilege boundaries within their environment

- there are probably many other environments in which a person may guess that this stack overflow crosses privilege boundaries, but it actually doesn't

We think that's enough to have a CVE. Use CVE-2015-2666.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE Request: Linux kernel execution in the early microcode loader. Quentin Casasnovas (Mar 18)
- Re: CVE Request: Linux kernel execution in the early microcode loader. Florian Weimer (Mar 18)
- Re: CVE Request: Linux kernel execution in the early microcode loader. Daniel Micay (Mar 18)
- Re: CVE Request: Linux kernel execution in the early microcode loader. Florian Weimer (Mar 19)
- Re: CVE Request: Linux kernel execution in the early microcode loader. Daniel Micay (Mar 18)
- Re: CVE Request: Linux kernel execution in the early microcode loader. cve-assign (Mar 20)
- Re: CVE Request: Linux kernel execution in the early microcode loader. Florian Weimer (Mar 18)