Date: Mon, 24 Aug 2015 17:27:54 -0700 From: Andy Lutomirski <luto@...capital.net> To: oss security list <oss-security@...ts.openwall.com> Subject: CVE Request: Linux x86_64 NT flag issue When I fixed Linux's NT flag handling, I added an optimization to Linux 3.19 and up. A malicious 32-bit program might be able to leak NT into an unrelated task. On a CONFIG_PREEMPT=y kernel, this is a straightforward DoS. On a CONFIG_PREEMPT=n kernel, it's probably still exploitable for DoS with some more care. I believe that this could be used for privilege escalation, too, but it won't be easy. The fix is just to revert the optimization: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=512255a2ad2c832ca7d4de9f31245f73781922d0 Mitigation: CONFIG_IA32_EMULATION=n. Seccomp does *not* mitigate this bug. --Andy P.S. This is yet another x86 mis-design leading to garbage results.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.