oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: Linux x86_64 NT flag issue - Linux kernel

From: cve-assign () mitre org
Date: Mon, 24 Aug 2015 23:21:15 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


When I fixed Linux's NT flag handling, I added an optimization to
Linux 3.19 and up. A malicious 32-bit program might be able to leak
NT into an unrelated task. On a CONFIG_PREEMPT=y kernel, this is a
straightforward DoS. On a CONFIG_PREEMPT=n kernel, it's probably
still exploitable for DoS with some more care.

I believe that this could be used for privilege escalation, too, but
it won't be easy.

The fix is just to revert the optimization:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=512255a2ad2c832ca7d4de9f31245f73781922d0

Mitigation: CONFIG_IA32_EMULATION=n


Use CVE-2015-6666.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJV290aAAoJEL54rhJi8gl51BEP/3YJaklikoui7IEnP++vCiyw
ZKapRPky4Gp2aDs0aecdsgkq+n18zq2NjfsECw5I3hvf9Anmg264pwbvrckmpITu
6Zm3V9yvO4DeJdMCDAk9W7YZzXmW1H18cXCa8DkG4Fr53h4ZZ1tUCsunXXZ82VHT
mlLiJtMlPazjaGinVLK9maMrYkmubOMOnq4sCpbGbHplo9SVfapg0BCZ5mPJyjPQ
f12Z2HRu8Gz3axij27+2vm0YA153JzELrJJ7O50Pu64cfFliXBhy0HN89OvML69h
qkR4QDvFlMmnKJIUSuiYA5exsUMUIQiCfu+ID0ho6v+HbsKNhhdS8VaFtI7LVIKJ
qOYG+EcaotiYz/2KnXuIKhxuLkU+jy42omhfLtWzf1N3GY1+L8I4yaSgmI0fAZag
k+oLWRLujAxiy58KbSfOZcpPj1IHtPXkgNBlGUWepAx8we49RvsWBNYVRTEOW+5l
3JAXBUUhueMc6+j69QjOJLmCLUKRZyRKDcxBUh8ZuiSkw+wPbOipQZMMLHpxuUAf
yGJIKArqG5pBajdzS29KjFL9mDwAs84rIR2PIlEF791k2a/5ZwN/xJr0v76cLnRI
Cjzd6re9ta70IhxMNlRhSCRepIRv5I5Ik3uHFj15bPdIul+3m01v7uZL2krGEQAl
HY2AwGUOLrm8lo8eAISC
=AgVe
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: