|
Message-ID: <CALJHwhSGK2YxVqSz3zKJRbd1_mL1Yso_SUFE_5ZZ9-QKVD25Tg@mail.gmail.com> Date: Wed, 13 Apr 2016 21:18:16 +1000 From: Wade Mealing <wmealing@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE Request: Linux kernel: incorrect restoration of machine specific registers from signal handler. A flaw was found in the linux kernel which could cause a kernel panic when restoring machine specific registers on ppc platform. Incorrect transactional memory state registers could inadvertently change the call path on return from userspace and cause the kernel to enter an unknown state in the transactional memory handling code and panic in a BUG_ON() defensively. QMEU guests can also modify the same machine specific register values via set_one_reg and guests may invoke the same unknown state and callpath. Since the fix is in the same location I would argue that this is the same flaw. This only both big endian and little endian ppc platforms, it does not affect non powerpc platforms. Thanks, Wade Mealing Red Hat Product Security References: Upstream fixes: https://git.kernel.org/cgit/linux/kernel/git/powerpc/linux.git/commit/?h=fixes&id=d2b9d2a5ad5ef04ff978c9923d19730cb05efd55 https://git.kernel.org/cgit/linux/kernel/git/powerpc/linux.git/commit/?h=fixes&id=7f821fc9c77a9b01fe7b1d6e72717b33d8d64142 Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1326540
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.