Date: Thu, 19 Mar 2015 12:38:23 +0100 From: Florian Weimer <fweimer@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: Linux kernel execution in the early microcode loader. On 03/18/2015 07:22 PM, Daniel Micay wrote: > Vanilla kernels don't have this separation even without > vulnerabilities though, at without without using an LSM. Even with > an LSM, I'm pretty sure there are ways around it unless you use > seccomp too... Sure, but some downstreams ship modified kernels would probably treat this as a vulnerability (lack of enforcement of security controls etc.). -- Florian Weimer / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ