Date: Mon, 24 Aug 2015 17:27:54 -0700 From: Andy Lutomirski <luto@...capital.net> To: oss security list <oss-security@...ts.openwall.com> Subject: CVE Request: Linux x86_64 NT flag issue When I fixed Linux's NT flag handling, I added an optimization to Linux 3.19 and up. A malicious 32-bit program might be able to leak NT into an unrelated task. On a CONFIG_PREEMPT=y kernel, this is a straightforward DoS. On a CONFIG_PREEMPT=n kernel, it's probably still exploitable for DoS with some more care. I believe that this could be used for privilege escalation, too, but it won't be easy. The fix is just to revert the optimization: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=512255a2ad2c832ca7d4de9f31245f73781922d0 Mitigation: CONFIG_IA32_EMULATION=n. Seccomp does *not* mitigate this bug. --Andy P.S. This is yet another x86 mis-design leading to garbage results.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ