Re: CVE Request: Linux mishandles int80 fork from 64-bit tasks

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> There's another problem, though: setup_thread_stack would propagate
> TS_COMPAT (i.e. the indication that the task is in a 32-bit syscall)
> to the child, and nothing would clear that bit.  This violates a
> general invariant that tasks executing in user mode never have
> TS_COMPAT set.

> As a result, both seccomp and
> audit could misinterpret the offending syscall, with possibly
> dangerous results depending on configuration.
>
> I suspect that this could be used to break out of certain seccomp
> sandboxes on kernels older than 3.16.

> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=956421fbb74c3a6261903f3836c0740187cf038b

Use CVE-2015-2830.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVHYHRAAoJEKllVAevmvmsrvYIAKBD7+M0GS8PStp23ejjfU+b
yUBKc5dN1ew+wnSJlV87kBbYpXrRSgzqf5YuYNZOHesFDT230c5Gh8WBSQ/8qOJr
sB49vuigHBARO095BN2yMuYz3j4peVtT0GAZwg6VudnmezqSfeSUUEY6s2n66Htw
AstvNy+iL/FImw5R1k5RZwB0wwmxo+/vSHguDX0O2jzqynrNPrVi7H54H+WrTptR
tZc+eDrZOLUR2VgjArh/xEGq97iEzUworsXhunn7jBQne0wDIAv+ejTVI6c9Ju+8
zUYdWBNdq3x+uQ36bpz54KuDwchVvMSiAQOtcFgZic9QB9NheArzSf5B7M+nJmE=
=KUII
-----END PGP SIGNATURE-----