oss-sec mailing list archives

Re: CVE Request: Linux kernel: incorrect restoration of machine specific registers from signal handler.


From: cve-assign () mitre org
Date: Wed, 13 Apr 2016 11:05:30 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Upstream fixes:

We feel that the two listed git.kernel.org commits should have
separate CVE IDs.

QEMU guests can also modify the same machine specific register values
via set_one_reg and guests may invoke the same unknown state and
callpath. Since the fix is in the same location I would argue that
this is the same flaw.

We do not feel that there's a need for any separate CVE IDs that are
specific to this QEMU observation.


https://git.kernel.org/cgit/linux/kernel/git/powerpc/linux.git/commit/?h=fixes&id=d2b9d2a5ad5ef04ff978c9923d19730cb05efd55

Currently we allow both the MSR T and S bits to be set by userspace on
a signal return. Unfortunately this is a reserved configuration and
will cause a TM Bad Thing exception if attempted

Use CVE-2015-8844.


https://git.kernel.org/cgit/linux/kernel/git/powerpc/linux.git/commit/?h=fixes&id=7f821fc9c77a9b01fe7b1d6e72717b33d8d64142

This tm_reclaim() now causes a TM Bad Thing exception as this state
has already been saved and the processor is no longer in TM suspend
mode.

Use CVE-2015-8845.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

