Date: Sun, 12 Jan 2014 19:53:13 +0000 From: halfdog <me@...fdog.net> To: oss-security@...ts.openwall.com Subject: Linux kernel: missing CPU-state sanitation during task-switch causes DOS / privilege escalation -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello list, Although of low impact (only some processors/kernels affected, escalation currently only with mmap_min_addr=0), this might still be CVE-worthy: Faults during task-switch due to unhandled FPU-exceptions allow to kill processes at random on all affected kernels, resulting in local DOS in the end. One some architectures, privilege escalation under non-common circumstances is possible, POC for escalation via shmem_xattr_handlers is available for about 5 days. See  for information about discovery, exploitation,  about LKML discussion,  for patch. hd  http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/  https://lkml.org/lkml/2013/12/28/95  http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=26bef1318adc1b3a530ecc807ef99346db2aa8b0 - -- http://www.halfdog.net/ PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlLS8q4ACgkQxFmThv7tq+5O2ACeJ2spKwVgWhLSklOtg7WlvkIl wXMAn1Mn/9vrQPlMP53zdL/XmXLrCsIu =ObvK -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ