Date: Thu, 07 Feb 2013 11:23:51 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com, Kurt Seifried <kseifrie@...hat.com>,
        spender@...ecurity.net
Subject: Re: CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr
 local privilege escalation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/07/2013 03:55 AM, Petr Matousek wrote:
> Access to /dev/cpu/*/msr was protected only using filesystem
> checks. A local uid 0 (root) user with all capabilities dropped
> could use this flaw to execute arbitrary code in kernel mode.
> 
> Upstream commit:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=c903f0456bc69176912dee6dd25c6a66ee1aed00
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=908693
> http://grsecurity.net/~spender/msr32.c
> 
> Thanks,

Please use CVE-2013-0268 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

