Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 19 Feb 2013 17:44:25 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com, Kurt Seifried <kseifrie@...hat.com>
Subject: Re: CVE request -- Linux kernel: mm: thp: pmd_present
 and PROT_NONE local DoS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/19/2013 05:40 PM, Petr Matousek wrote:
> Most VM places are using pmd_none but a few are still using pmd_present.
> The meaning is about the same for the pmd. However pmd_present would
> return the wrong value on PROT_NONE ranges. When the code using
> pmd_present gets a false negative, the kernel will crash.
> 
> An unprivileged local user could use this flaw to crash the system.
> 
> Upstream fix:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=027ef6c8
> 
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=912898
> 
> Thanks,
> 

Please use CVE-2013-0309 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRJBxoAAoJEBYNRVNeJnmTm78QAI7TPTsN/KryK4REJ2RGiSoP
GJcxRCNPwx0LiVuI2/mg/9T7cWi443tePXqJeHx57xgbjo0rGDVgKeTDC7z4F9wL
NFuYJo9kFswWfKdVx78mfDk38f4OJIuLUbEB4bUxEqpSXhnJ0c9NTtJzdVuBCXNR
So/B5Ejoh5fjws9rbknc9jjghdpr4b7OVIJ9RWu2s3rD4/V15zY5bSI44bAUPz7+
jug5QROihSmcxt+nfioGuIzfKKKOEQWNkdBCJI3T/MAx0JNW7tnWkNs+l83rR5bm
FNrronR3ohDnMFkxP/AsKbwgI8qCnP1bULWgk3Lm4zp9jnCx6300kQfwNKGBNb8j
YJxyGKl0GpxzjoFNamXE3FMi59fLfNf/jfWlywEdw1jLMbYVZeNts4tVKou8jcNR
D2iuQR4/jEu8QQSutfqUbii0PIM589o1WpyE2XCMWBAEYYqJFeTdw0lWfXGFjIWH
XGgqVpFQKtSqvcwIjgV3OuCG89kDZnhzLfWnvWrOtAKOS5xrKyg1zlvD/s2Vt8Rp
HliCxdYTYGITzFlQCadStbO5pwgiWbepkHHdNqq6nq3mO7oQqL3wdMeP90182sLs
slmNc7Qc8Ei6oObrvAOfy2T1hWxPxLxbHz6MG3UIRc30qUWv6AQFxpbOi/TWIhbm
wT8JFMB9xYDmW4D5hiwz
=Idk5
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ