Date: Thu, 8 Aug 2013 17:02:49 -0700 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Cc: Petr Matousek <pmatouse@...hat.com> Subject: Re: CVE Request: Linux kernel: arm64: unhandled el0 traps On Thu, Aug 08, 2013 at 03:39:30PM +0530, P J P wrote: > Hi, > > Linux kernel built for the ARM64(CONFIG_ARM64) platform is > vulnerable to a crash when the processor generates trap/esr, that is > not handled gracefully, which leads to bad_mode(), wherein it'll > die() or oops(). > > A user/program could use this flaw to crash the kernel resulting in DoS. > > Upstream fixes: > =============== > -> https://git.kernel.org/linus/381cc2b9705512ee7c7f1839cbdde374625a2a9f > -> https://git.kernel.org/linus/9955ac47f4ba1c95ecb6092aeaefb40a22e99268 CVE requests for code that can only run on a processor that is not shipping yet? Isn't there a rule somewhere about CVEs not being allowed for stuff like this? thanks, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.