oss-sec mailing list archives
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038)
From: Solar Designer <solar () openwall com>
Date: Sat, 1 Feb 2014 03:02:32 +0400
On Sat, Feb 01, 2014 at 11:24:37AM +1300, Matthew Daley wrote:
> > Reported by pageexec at https://code.google.com/p/chromium/issues/detail?id=338594, which is restricted, so here's the full report:
>
> Was this reported to the Chromium bugtracker in the first instance? If so, why? I can't see what the relation between Chromium and Linux kernel issues would be, unless I suppose it was found through work on sandboxing/NaCl/seccomp. (Not assuming or implying anything at all, I'm just confused!)

Google is offering bounties for responsible disclosure of bugs in Google's software, and I guess this includes use of the Linux kernel by Chromium OS. (I don't know if this specific vulnerability was relevant to Google's products, but I wouldn't be surprised if Google is generous enough to pay a bounty anyway.)

On a related note, Google is also offering bounties for security enhancements to some Open Source projects once such enhancements are accepted upstream. This includes the Linux kernel and many more:

http://googleonlinesecurity.blogspot.com/2013/10/going-beyond-vulnerability-rewards.html

... but finding a vulnerability would probably not fall under the latter program.

Alexander