Date: Sat, 21 Mar 2015 20:07:50 -0400 (EDT) From: cve-assign@...re.org To: quentin.casasnovas@...cle.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, jamie.iles@...cle.com, mr.a.xavier@...il.com Subject: Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Use CVE-2015-2672 for the vulnerability fixed by the https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06 commit. The rest of this message can probably be skipped unless someone cares about the details of why http://openwall.com/lists/oss-security/2015/03/20/17 was sent. We had previously proposed "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=f31a9f7c71691569359fa7fb8b0acaa44bce0324 ... had security-relevant value even though it was later determined to be mis-protecting." This was based on your earlier phrase of "ends up protecting the .altinstr_replacement from faulting." We now understand that "ends up protecting the .altinstr_replacement from faulting" actually does not ever protect anything. If the "pointer to the instruction which might fault" points to .altinstr_replacement, this is completely useless for preventing denial-of-service attacks. More generally, having the "pointer to the instruction which might fault" point to .altinstr_replacement results in absolutely zero security-relevant value. Thus, there isn't a second CVE ID. >> - a ... CVE id for the >> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06 >> change > > The above commit is the fix, not a security issue. This was just a question of commonly used, but imprecise, terminology. In typical usage on the oss-security list, stating that a CVE ID is for a commit means that the CVE ID is associated with the vulnerability that the commit fixed. This imprecise terminology can work poorly in situations where a commit fixed one security problem but introduced a different security problem, or situations in which there is a possible misinterpretation that that had happened. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVDgb9AAoJEKllVAevmvmsV38H/jILrMlC9sxqt4pKuP1TBTlO sOx2AVPI5CAOFOI4L65NBUS5KeA1KF4sUczAoY/0ekR0ikT7PUxY9jOkqGnlqdEi Y+b7+0obYvn4l6r0UUSYrGk00WEphSBq2rUw/aFZTgrYHJfahMshnUcP+wlIVcZZ hS2b2ApAgt/Hp4lrVOfiGX1+DlquK/FM4+jWnguzwXFErykC2xuC4B966a/MsW8F j5FJrkuet5GGVfmkXlGh8qEhGqNdKKF77XnzXoBKYYWfvYF52nyV2+G16UncMwLT CAYtKcnlp7vyaoih9QlJwzkypeR73NTVNMH+SE6fh1IbRy98UGzCQHQWktQRjKc= =ughl -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ