Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 29 Apr 2010 10:13:18 +0800
From: Hui Zhu <hui.zhu@...driver.com>
To: oss-security@...ts.openwall.com
CC: Paul Gortmaker <paul.gortmaker@...driver.com>,
        +security-linux <security-linux@...driver.com>,
        "Wessel, Jason" <jason.wessel@...driver.com>,
        Wu Fei <fei.wu@...driver.com>
Subject: CVE request - Linux Kernel KGDB/ppc issue

Hi All,

The problem is that if KGDB is enabled on a powerpc board, a
test that checks if a page is user or kernel is bypassed.
This means that a user can write to arbitrary kernel address space.

Upon further investigation, we found that kernels older than
the v2.6.30-rc1 release have the same problem for non-booke
ppc chips (74xx, 8641D), so we need two patches for kernels
up to that date, and then one patch for ones after that date.

Thanks,
Hui


View attachment "0001-kgdb-don-t-needlessly-skip-PAGE_USER-test-for-Fsl-bo.patch" of type "text/x-diff" (1448 bytes)

View attachment "0002-kgdb-don-t-needlessly-skip-PAGE_USER-test.patch" of type "text/x-diff" (1439 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ