Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 25 Jun 2016 12:25:17 -0400 (EDT)
From: cve-assign@...re.org
To: mpe@...erman.id.au
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: Linux: powerpc/tm: Always reclaim in start_thread() for exec() class syscalls - Linux kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> We've found an issue in the handling of Transactional Memory on powerpc
> systems. An unprivileged local user can crash the kernel by starting a
> transaction, suspending it, and then calling any of the exec() class system
> calls.
> 
> https://patchwork.ozlabs.org/patch/636776/

>> Userspace can quite legitimately perform an exec() syscall with a
>> suspended transaction. exec() does not return to the old process,
>> rather it load a new one and starts that, the expectation therefore is
>> that the new process starts not in a transaction. Currently exec() is
>> not treated any differently to any other syscall which creates
>> problems.

Use CVE-2016-5828.

This is not yet available at
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/arch/powerpc/kernel/process.c
but may be there later.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXbq+vAAoJEHb/MwWLVhi2fJcP/0BcGb5bh7e/KURhMlhCN5Pd
FPqvNvpTdpLzDnW6ert9mD7wBrHbvf3CdSbNTUI2seRHAcV+ga4Z7gRvmqLtcTCC
9qdsZymXU6i/ptFKImrHgPbFuqXT8ogOt87usL8RHOaAajRwWYasWsCKWOc0ZJKb
b819G7I9aXgdLqon+EFcTm0NgU/6VxvK2hrE8b0bGkqw7rflWWIbMYxsb46VoqKe
BklhgJZUp9kVd2hpNN1Fpv57e8kQ3JtV9obDEW16W68bpiuKIR5HEvZRsBbydNd7
CqRG7Q4WaqUdlrr9TT3cFHQFOyDZc+rkzrn+yc39xwzOtHJGRHG8bs+wZ0IjihYg
/VpbjOu6/H1tCBZ2FFH+WEN0PZsqtRy4P9FJzIc2hdsVaj6xC5XxMoh4vH1ryuDp
gwMc2nZDgtZRN9XQe7n8f6Zd1M4EsSDDrBHp77WgtBmVJTOIF31iN8/tFEjzN0d7
f5ExKTsMBiEcmK1gZ2YQnlhKtoEEpar95/meGd9FHzsrKg7TV0oc6pChWfTGV5rl
BvrRJOOs5E433vIIPiTl40QzVPZDnCiqAnH2bzy60ugr7gxTi7vdE/M7VBdUK6yw
6Oq25iahfH6LOgevzImbDEmQrOf07exQZinXrn+y0e6iYkaPJ78mmBtshX+XUrB7
K4Cb5KrtVl/PVf5dy3mi
=y7Xd
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ