Date: Tue, 20 Aug 2013 13:47:38 -0400 (EDT)
From: Vince Weaver <>
Subject: Re: CVE Request: linux-kernel privilege escalation
 on ARM/perf

On Wed, 14 Aug 2013, Vince Weaver wrote:

> One of the oopses can lead to a local privilege escalation on ARM-perf.
> This fix can be found here:
> The discussion thread is:

More info on this (CVE-2013-4254)

The fix has been committed to linus-git and will be in 3.11-rc6:
It is also in the recent 3.10.8 stable release.

I've been doing further tests on this exploit, and it turns out it
is very hard to exploit; it depends on having a very exact kernel
memory layout with a user-mappable address at exactly the right place.

Thus despite the vulnerability being there from 3.2 through 3.11-rc6 I've
only been able to exploit it on 3.11-rc kernels, which probably limits the 
exposure from this bug (it does oops on all kernels, but doesn't call
into user code except on 3.11-rc1 and newer).

Since the bug is now fixed and the exploit seems unlikely to trigger on
non-3.11-rc kernels, I've released my code describing the issue in more 

See my perf_event_tests package:

A simple test for the bug can be found under:
And the exploit (with details in the source code comments) is here:

