Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 29 Mar 2016 17:00:03 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: CVE Assignments MITRE <cve-assign@...re.org>
Subject: Re: Partial SMAP bypass on 64-bit Linux kernels

Hi,

On Fri, Feb 26, 2016 at 12:28:23PM -0800, Andy Lutomirski wrote:
> Hi all-
> 
> Those of you using 64-bit Linux kernels on SMAP-capable systems (which
> are still very rare in the server space) with ia32 emulation enabled
> will want to backport:
> 
> https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?h=x86/urgent&id=3d44d51bd339766f0178f0cf2e8d048b4a4872aa
> 
> That patch fixes a bug that exposed a fairly large kernel code surface
> to a straightforward SMAP bypass.
> 
> Credit to Brian Gerst who noticed the bug.
> 
> This bug is present in all kernels from 3.10 on AFAICT.  Kernels
> before 3.10 don't support SMAP in the first place.  32-bit kernels are
> not affected (but why would you be running a 32-bit kernel on
> SMAP-capable hardware in the first place?).

@MITRE CVE assignment team: Would it make sense to have a CVE id
assigned for this issue for better trackability? If so can you assign
one?

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ