Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 21 Mar 2015 20:07:50 -0400 (EDT)
From: cve-assign@...re.org
To: quentin.casasnovas@...cle.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, jamie.iles@...cle.com, mr.a.xavier@...il.com
Subject: Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Use CVE-2015-2672 for the vulnerability fixed by the
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06
commit.

The rest of this message can probably be skipped unless someone cares
about the details of why
http://openwall.com/lists/oss-security/2015/03/20/17 was sent.

We had previously proposed
"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=f31a9f7c71691569359fa7fb8b0acaa44bce0324 ...
had security-relevant value even though it was later determined to be
mis-protecting." This was based on your earlier phrase of "ends up
protecting the .altinstr_replacement from faulting." We now understand
that "ends up protecting the .altinstr_replacement from faulting"
actually does not ever protect anything. If the "pointer to the
instruction which might fault" points to .altinstr_replacement, this
is completely useless for preventing denial-of-service attacks. More
generally, having the "pointer to the instruction which might fault"
point to .altinstr_replacement results in absolutely zero
security-relevant value. Thus, there isn't a second CVE ID.

>>   - a ... CVE id for the
>>     https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06
>>     change
>
> The above commit is the fix, not a security issue.

This was just a question of commonly used, but imprecise, terminology.
In typical usage on the oss-security list, stating that a CVE ID is
for a commit means that the CVE ID is associated with the
vulnerability that the commit fixed. This imprecise terminology can
work poorly in situations where a commit fixed one security problem
but introduced a different security problem, or situations in which
there is a possible misinterpretation that that had happened.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVDgb9AAoJEKllVAevmvmsV38H/jILrMlC9sxqt4pKuP1TBTlO
sOx2AVPI5CAOFOI4L65NBUS5KeA1KF4sUczAoY/0ekR0ikT7PUxY9jOkqGnlqdEi
Y+b7+0obYvn4l6r0UUSYrGk00WEphSBq2rUw/aFZTgrYHJfahMshnUcP+wlIVcZZ
hS2b2ApAgt/Hp4lrVOfiGX1+DlquK/FM4+jWnguzwXFErykC2xuC4B966a/MsW8F
j5FJrkuet5GGVfmkXlGh8qEhGqNdKKF77XnzXoBKYYWfvYF52nyV2+G16UncMwLT
CAYtKcnlp7vyaoih9QlJwzkypeR73NTVNMH+SE6fh1IbRy98UGzCQHQWktQRjKc=
=ughl
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ