Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 25 Dec 2014 02:28:32 -0500 (EST)
From: cve-assign@...re.org
To: luto@...capital.net
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: Linux x86_64 userspace address leak

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> On all* Linux x86_64 kernels, malicious user programs can learn the
> TLS base addresses of threads** that they preempt.

> In principle, this bug will allow programs to partially bypass ASLR

> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86?id=f647d7c155f069c1a068030255c300663516420e

Use CVE-2014-9419.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUm7woAAoJEKllVAevmvms++EIALuBBPWGrt7W8K5kbrMb5bzG
Sy8JSp42fXiZ8wgenlrrhzU70VvvjjKYcwklsO3MFTQI/6PEb8297hbc/q+lL6TW
00p6vhfwUIgFdx2QSj/hzU143mE5F7zygMDRcHe4YupTWZNRmXKIvizn/JJ94gjO
dghgjBXqW4jh4i6StIDruwoG4gQOu8BDUQ/bmlYB4MJOBBT2OBaDZeNc2DtTJpDI
d2Dd0PO7jFGzvXZulVXgfIkuSh51aEtXyJ0vwQQ9EtE89EFcBCHlmFFZt+N9sX0M
U5Nz7gHGeCtakGRMHnt9+94mRaERb/91mS2U8GEBKzRM1LGKWpOnztCHaOwGxc8=
=S2To
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ