Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALJHwhSGK2YxVqSz3zKJRbd1_mL1Yso_SUFE_5ZZ9-QKVD25Tg@mail.gmail.com>
Date: Wed, 13 Apr 2016 21:18:16 +1000
From: Wade Mealing <wmealing@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Linux kernel: incorrect restoration of machine specific
 registers from signal handler.

A flaw was found in the linux kernel which could cause a kernel panic
when restoring machine specific registers on ppc platform.  Incorrect
transactional memory state registers could inadvertently change the
call path on return from userspace and cause the kernel to enter an
unknown state in the transactional memory handling code and panic in a
BUG_ON() defensively.

QMEU guests can also modify the same machine specific register values
via set_one_reg and guests may invoke the same unknown state and
callpath.  Since the fix is in the same location I would argue that
this is the same flaw.

This only both big endian and little endian ppc platforms, it does not
affect non powerpc platforms.

Thanks,

Wade Mealing
Red Hat Product Security

References:

Upstream fixes:
https://git.kernel.org/cgit/linux/kernel/git/powerpc/linux.git/commit/?h=fixes&id=d2b9d2a5ad5ef04ff978c9923d19730cb05efd55

https://git.kernel.org/cgit/linux/kernel/git/powerpc/linux.git/commit/?h=fixes&id=7f821fc9c77a9b01fe7b1d6e72717b33d8d64142

Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1326540

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.