oss-sec mailing list archives

Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038)

From: "PaX Team" <pageexec () freemail hu>
Date: Sat, 01 Feb 2014 03:45:14 +0100

On 1 Feb 2014 at 3:02, Solar Designer wrote:

Google is offering bounties for responsible disclosure of bugs in
Google's software, and I guess this includes use of Linux kernel by
Chromium OS.


exactly, and the same bugtracker is used for all chrom* products
(somewhat confusingly btw, as there's no kernel category for example
when one opens a bug ;).

 (I don't know if this specific vulnerability was relevant
to Google's products,


i was told that x32 wasn't enabled anywhere (yet, anyway) so they
aren't affected.

http://googleonlinesecurity.blogspot.com/2013/10/going-beyond-vulnerability-rewards.html

... but finding a vulnerability would probably not fall under the latter
program.


yes, that's a somewhat different kettle of fish though bugfixes may
be eligible if it's about fixing or mitigating entire classes (not
the case here obviously).

Current thread:

Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038), (continued)
- - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
    - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) rf (Jan 31)
    - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
  - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Kurt Seifried (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
  - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) rf (Jan 31)
    - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
    - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) rf (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Matthew Daley (Jan 31)
  - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
    - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) PaX Team (Jan 31)
    - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Yves-Alexis Perez (Feb 01)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Feb 01)
  - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha (Feb 02)
    - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Feb 02)
    - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha (Feb 02)
  - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Feb 02)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha (Feb 02)
  - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha (Feb 03)
    - Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha (Feb 03)