oss-sec mailing list archives

Re: CVE request - Linux Kernel KGDB/ppc issue

From: Josh Bressers <bressers () redhat com>
Date: Thu, 29 Apr 2010 15:23:37 -0400 (EDT)

Please use CVE-2010-1446 for this.

Thanks

-- 
    JB


----- "Hui Zhu" <hui.zhu () windriver com> wrote:

Hi All,

The problem is that if KGDB is enabled on a powerpc board, a
test that checks if a page is user or kernel is bypassed.
This means that a user can write to arbitrary kernel address space.

Upon further investigation, we found that kernels older than
the v2.6.30-rc1 release have the same problem for non-booke
ppc chips (74xx, 8641D), so we need two patches for kernels
up to that date, and then one patch for ones after that date.

Thanks,
Hui

Current thread:

CVE request - Linux Kernel KGDB/ppc issue Hui Zhu (Apr 28)
- Re: CVE request - Linux Kernel KGDB/ppc issue Eugene Teo (Apr 28)
  - Re: [security-linux] Re: [oss-security] CVE request - Linux Kernel KGDB/ppc issue Mark Hatle (Apr 29)
- Re: CVE request - Linux Kernel KGDB/ppc issue Josh Bressers (Apr 29)
- Re: CVE request - Linux Kernel KGDB/ppc issue Eugene Teo (Apr 29)