Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 21 Mar 2015 20:07:50 -0400 (EDT)
From: cve-assign@...re.org
To: quentin.casasnovas@...cle.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, jamie.iles@...cle.com, mr.a.xavier@...il.com
Subject: Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Use CVE-2015-2672 for the vulnerability fixed by the
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06
commit.

The rest of this message can probably be skipped unless someone cares
about the details of why
http://openwall.com/lists/oss-security/2015/03/20/17 was sent.

We had previously proposed
"https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=f31a9f7c71691569359fa7fb8b0acaa44bce0324 ...
had security-relevant value even though it was later determined to be
mis-protecting." This was based on your earlier phrase of "ends up
protecting the .altinstr_replacement from faulting." We now understand
that "ends up protecting the .altinstr_replacement from faulting"
actually does not ever protect anything. If the "pointer to the
instruction which might fault" points to .altinstr_replacement, this
is completely useless for preventing denial-of-service attacks. More
generally, having the "pointer to the instruction which might fault"
point to .altinstr_replacement results in absolutely zero
security-relevant value. Thus, there isn't a second CVE ID.

>>   - a ... CVE id for the
>>     https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06
>>     change
>
> The above commit is the fix, not a security issue.

This was just a question of commonly used, but imprecise, terminology.
In typical usage on the oss-security list, stating that a CVE ID is
for a commit means that the CVE ID is associated with the
vulnerability that the commit fixed. This imprecise terminology can
work poorly in situations where a commit fixed one security problem
but introduced a different security problem, or situations in which
there is a possible misinterpretation that that had happened.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVDgb9AAoJEKllVAevmvmsV38H/jILrMlC9sxqt4pKuP1TBTlO
sOx2AVPI5CAOFOI4L65NBUS5KeA1KF4sUczAoY/0ekR0ikT7PUxY9jOkqGnlqdEi
Y+b7+0obYvn4l6r0UUSYrGk00WEphSBq2rUw/aFZTgrYHJfahMshnUcP+wlIVcZZ
hS2b2ApAgt/Hp4lrVOfiGX1+DlquK/FM4+jWnguzwXFErykC2xuC4B966a/MsW8F
j5FJrkuet5GGVfmkXlGh8qEhGqNdKKF77XnzXoBKYYWfvYF52nyV2+G16UncMwLT
CAYtKcnlp7vyaoih9QlJwzkypeR73NTVNMH+SE6fh1IbRy98UGzCQHQWktQRjKc=
=ughl
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.