Date: Fri, 20 Mar 2015 19:25:12 -0400 (EDT)
From: cve-assign@...re.org
To: quentin.casasnovas@...cle.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, jamie.iles@...cle.com, mr.a.xavier@...il.com
Subject: Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions.

> a flaw in the way the xsave/xrstor (and their alternative
> instructions) were being protected against a fault in kernel space

We believe that this report can have at least one CVE ID for a fixed
issue. Does anyone have a preference for two CVE IDs divided in this
way:

  - one CVE ID for the
    https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=f31a9f7c71691569359fa7fb8b0acaa44bce0324
    change that was introduced in 3.17. Our incomplete understanding
    from http://openwall.com/lists/oss-security/2015/03/18/6 is that
    this change had security-relevant value even though it was later
    determined to be mis-protecting.

  - a second CVE id for the
    https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06
    change?

Otherwise, we will assign only the latter.

https://lkml.org/lkml/2015/3/17/462 is about "This is to prevent
future misuses of the __ex_table entry like there was for
xsaves/xrstors." Typically, code improvements for "prevent future
misuses" purposes would not lead to additional CVE IDs.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]