oss-sec mailing list archives
Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions.
From: cve-assign () mitre org
Date: Sat, 21 Mar 2015 20:07:50 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Use CVE-2015-2672 for the vulnerability fixed by the https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06 commit. The rest of this message can probably be skipped unless someone cares about the details of why http://openwall.com/lists/oss-security/2015/03/20/17 was sent. We had previously proposed "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=f31a9f7c71691569359fa7fb8b0acaa44bce0324 ... had security-relevant value even though it was later determined to be mis-protecting." This was based on your earlier phrase of "ends up protecting the .altinstr_replacement from faulting." We now understand that "ends up protecting the .altinstr_replacement from faulting" actually does not ever protect anything. If the "pointer to the instruction which might fault" points to .altinstr_replacement, this is completely useless for preventing denial-of-service attacks. More generally, having the "pointer to the instruction which might fault" point to .altinstr_replacement results in absolutely zero security-relevant value. Thus, there isn't a second CVE ID.
- a ... CVE id for the https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06 changeThe above commit is the fix, not a security issue.
This was just a question of commonly used, but imprecise, terminology. In typical usage on the oss-security list, stating that a CVE ID is for a commit means that the CVE ID is associated with the vulnerability that the commit fixed. This imprecise terminology can work poorly in situations where a commit fixed one security problem but introduced a different security problem, or situations in which there is a possible misinterpretation that that had happened. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVDgb9AAoJEKllVAevmvmsV38H/jILrMlC9sxqt4pKuP1TBTlO sOx2AVPI5CAOFOI4L65NBUS5KeA1KF4sUczAoY/0ekR0ikT7PUxY9jOkqGnlqdEi Y+b7+0obYvn4l6r0UUSYrGk00WEphSBq2rUw/aFZTgrYHJfahMshnUcP+wlIVcZZ hS2b2ApAgt/Hp4lrVOfiGX1+DlquK/FM4+jWnguzwXFErykC2xuC4B966a/MsW8F j5FJrkuet5GGVfmkXlGh8qEhGqNdKKF77XnzXoBKYYWfvYF52nyV2+G16UncMwLT CAYtKcnlp7vyaoih9QlJwzkypeR73NTVNMH+SE6fh1IbRy98UGzCQHQWktQRjKc= =ughl -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. Quentin Casasnovas (Mar 18)
- Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. cve-assign (Mar 20)
- Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. Quentin Casasnovas (Mar 21)
- Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. cve-assign (Mar 21)
- Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. Quentin Casasnovas (Mar 21)
- Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. cve-assign (Mar 20)