Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 12 Jan 2014 19:53:13 +0000
From: halfdog <me@...fdog.net>
To: oss-security@...ts.openwall.com
Subject: Linux kernel: missing CPU-state sanitation during task-switch causes
 DOS / privilege escalation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello list,

Although of low impact (only some processors/kernels affected,
escalation currently only with mmap_min_addr=0), this might still be
CVE-worthy:

Faults during task-switch due to unhandled FPU-exceptions allow to
kill processes at random on all affected kernels, resulting in local
DOS in the end. One some architectures, privilege escalation under
non-common circumstances is possible, POC for escalation via
shmem_xattr_handlers is available for about 5 days.

See [1] for information about discovery, exploitation, [2] about LKML
discussion, [3] for patch.

hd

[1] http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/
[2] https://lkml.org/lkml/2013/12/28/95
[3]
http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=26bef1318adc1b3a530ecc807ef99346db2aa8b0

- -- 
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlLS8q4ACgkQxFmThv7tq+5O2ACeJ2spKwVgWhLSklOtg7WlvkIl
wXMAn1Mn/9vrQPlMP53zdL/XmXLrCsIu
=ObvK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ