Date: Wed, 27 Nov 2013 09:41:32 +0100 From: Marcus Meissner <meissner@...e.de> To: oss-security@...ts.openwall.com Cc: Nico Golde <nico@...lde.de>, Fabian Yamaguchi <fabs@...sec.de> Subject: Re: Linux kernel CVE fixes On Fri, Nov 22, 2013 at 01:16:45PM -0800, Kees Cook wrote: > Hi, > > Here are some further issues found by Nico Golde and Fabian Yamaguchi: > > http://git.kernel.org/linus/b4789b8e6be3151a955ade74872822f30e8cd914 > CVE-2013-6380 I got the question why this warrants a CVE as it is protected by CAP_SYS_ADMIN. Only reason I would see is a "root user" -> "kernel code execution" path which might otherwise be blocked by secure boot or other protection mechanisms? Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.