Date: Thu, 29 Apr 2010 10:13:18 +0800 From: Hui Zhu <hui.zhu@...driver.com> To: oss-security@...ts.openwall.com CC: Paul Gortmaker <paul.gortmaker@...driver.com>, +security-linux <security-linux@...driver.com>, "Wessel, Jason" <jason.wessel@...driver.com>, Wu Fei <fei.wu@...driver.com> Subject: CVE request - Linux Kernel KGDB/ppc issue Hi All, The problem is that if KGDB is enabled on a powerpc board, a test that checks if a page is user or kernel is bypassed. This means that a user can write to arbitrary kernel address space. Upon further investigation, we found that kernels older than the v2.6.30-rc1 release have the same problem for non-booke ppc chips (74xx, 8641D), so we need two patches for kernels up to that date, and then one patch for ones after that date. Thanks, Hui View attachment "0001-kgdb-don-t-needlessly-skip-PAGE_USER-test-for-Fsl-bo.patch" of type "text/x-diff" (1448 bytes) View attachment "0002-kgdb-don-t-needlessly-skip-PAGE_USER-test.patch" of type "text/x-diff" (1439 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ