oss-sec mailing list archives
Re: CVE Request: Linux: powerpc/tm: Always reclaim in start_thread() for exec() class syscalls - Linux kernel
From: cve-assign () mitre org
Date: Sat, 25 Jun 2016 12:25:17 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
We've found an issue in the handling of Transactional Memory on powerpc systems. An unprivileged local user can crash the kernel by starting a transaction, suspending it, and then calling any of the exec() class system calls. https://patchwork.ozlabs.org/patch/636776/
Userspace can quite legitimately perform an exec() syscall with a suspended transaction. exec() does not return to the old process, rather it load a new one and starts that, the expectation therefore is that the new process starts not in a transaction. Currently exec() is not treated any differently to any other syscall which creates problems.
Use CVE-2016-5828. This is not yet available at http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/arch/powerpc/kernel/process.c but may be there later. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXbq+vAAoJEHb/MwWLVhi2fJcP/0BcGb5bh7e/KURhMlhCN5Pd FPqvNvpTdpLzDnW6ert9mD7wBrHbvf3CdSbNTUI2seRHAcV+ga4Z7gRvmqLtcTCC 9qdsZymXU6i/ptFKImrHgPbFuqXT8ogOt87usL8RHOaAajRwWYasWsCKWOc0ZJKb b819G7I9aXgdLqon+EFcTm0NgU/6VxvK2hrE8b0bGkqw7rflWWIbMYxsb46VoqKe BklhgJZUp9kVd2hpNN1Fpv57e8kQ3JtV9obDEW16W68bpiuKIR5HEvZRsBbydNd7 CqRG7Q4WaqUdlrr9TT3cFHQFOyDZc+rkzrn+yc39xwzOtHJGRHG8bs+wZ0IjihYg /VpbjOu6/H1tCBZ2FFH+WEN0PZsqtRy4P9FJzIc2hdsVaj6xC5XxMoh4vH1ryuDp gwMc2nZDgtZRN9XQe7n8f6Zd1M4EsSDDrBHp77WgtBmVJTOIF31iN8/tFEjzN0d7 f5ExKTsMBiEcmK1gZ2YQnlhKtoEEpar95/meGd9FHzsrKg7TV0oc6pChWfTGV5rl BvrRJOOs5E433vIIPiTl40QzVPZDnCiqAnH2bzy60ugr7gxTi7vdE/M7VBdUK6yw 6Oq25iahfH6LOgevzImbDEmQrOf07exQZinXrn+y0e6iYkaPJ78mmBtshX+XUrB7 K4Cb5KrtVl/PVf5dy3mi =y7Xd -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Linux: powerpc/tm: Always reclaim in start_thread() for exec() class syscalls Michael Ellerman (Jun 24)
- Re: CVE Request: Linux: powerpc/tm: Always reclaim in start_thread() for exec() class syscalls - Linux kernel cve-assign (Jun 25)