oss-sec mailing list archives
CVE Request: Linux kernel: incorrect restoration of machine specific registers from signal handler.
From: Wade Mealing <wmealing () redhat com>
Date: Wed, 13 Apr 2016 21:18:16 +1000
A flaw was found in the Linux kernel which could cause a kernel panic when restoring machine specific registers on the ppc platform. Incorrect transactional memory state registers could inadvertently change the call path on return from userspace and cause the kernel to enter an unknown state in the transactional memory handling code and panic in a BUG_ON() defensively.

QEMU guests can also modify the same machine specific register values via set_one_reg, and guests may invoke the same unknown state and call path. Since the fix is in the same location, I would argue that this is the same flaw.

This only affects both big endian and little endian ppc platforms; it does not affect non-powerpc platforms.

Thanks,

Wade Mealing
Red Hat Product Security

References:

Upstream fixes:
https://git.kernel.org/cgit/linux/kernel/git/powerpc/linux.git/commit/?h=fixes&id=d2b9d2a5ad5ef04ff978c9923d19730cb05efd55
https://git.kernel.org/cgit/linux/kernel/git/powerpc/linux.git/commit/?h=fixes&id=7f821fc9c77a9b01fe7b1d6e72717b33d8d64142

Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1326540