oss-sec mailing list archives
Re: CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 07 Feb 2013 11:23:51 -0700
On 02/07/2013 03:55 AM, Petr Matousek wrote:
> Access to /dev/cpu/*/msr was protected only using filesystem checks. A
> local uid 0 (root) user with all capabilities dropped could use this flaw
> to execute arbitrary code in kernel mode.
>
> Upstream commit:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=c903f0456bc69176912dee6dd25c6a66ee1aed00
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=908693
> http://grsecurity.net/~spender/msr32.c
>
> Thanks,

Please use CVE-2013-0268 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
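An audit helper for the condition the advisory describes, added here as an example and not taken from the thread or the kernel tree: it reads the text of a process's `/proc/<pid>/status` and flags uid 0 processes whose effective capability set lacks CAP_SYS_RAWIO, the capability the upstream fix checks when the MSR device is opened (a detail of the commit, not stated in this thread). The names `classify_status` and `msr_exposure` are hypothetical, and the sample status text is constructed.

```c
#include <stdio.h>
#include <string.h>

#define CAP_SYS_RAWIO_BIT 17 /* CAP_SYS_RAWIO in <linux/capability.h> */

enum msr_exposure {
    MSR_PARSE_ERROR = -1, /* Uid or CapEff line missing */
    MSR_NOT_ROOT,         /* file permissions on the device node apply */
    MSR_ROOT_WITH_RAWIO,  /* root that may legitimately reach the MSR driver */
    MSR_ROOT_NO_RAWIO     /* the advisory's case: only a capability check denies */
};

/* Classify a process from the text of its /proc/<pid>/status file. */
enum msr_exposure classify_status(const char *status)
{
    unsigned long long cap_eff = 0;
    unsigned int euid = 0;
    int have_uid = 0, have_cap = 0;

    for (const char *line = status; line && *line; ) {
        /* "Uid:" lists the real, effective, saved and filesystem uid. */
        if (sscanf(line, "Uid: %*u %u", &euid) == 1)
            have_uid = 1;
        else if (sscanf(line, "CapEff: %llx", &cap_eff) == 1)
            have_cap = 1;
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    if (!have_uid || !have_cap)
        return MSR_PARSE_ERROR;
    if (euid != 0)
        return MSR_NOT_ROOT;
    return (cap_eff >> CAP_SYS_RAWIO_BIT) & 1 ? MSR_ROOT_WITH_RAWIO : MSR_ROOT_NO_RAWIO;
}

int main(void)
{
    /* Constructed sample: uid 0 with an empty effective capability set. */
    const char *sample = "Name:\tsandboxed\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000000000\n";
    char live[8192] = "";
    FILE *f = fopen("/proc/self/status", "r");

    if (f) {
        live[fread(live, 1, sizeof(live) - 1, f)] = '\0';
        fclose(f);
    }
    printf("sample: %d\nself:   %d\n", classify_status(sample), classify_status(live));
    return 0;
}
```

Processes reported as `MSR_ROOT_NO_RAWIO` are the ones that depend on the kernel fix rather than on device-node permissions to stay out of `/dev/cpu/*/msr`.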