|
Message-ID: <Pine.GSO.4.51.0810031709450.9068@faron.mitre.org> Date: Fri, 3 Oct 2008 17:11:03 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: kernel: x86: Fix broken LDT access in VMI On Fri, 3 Oct 2008, Eugene Teo wrote: > "[PATCH] x86: Fix broken LDT access in VMI ====================================================== Name: CVE-2008-4410 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4410 Reference: MLIST:[oss-security] 20081003 CVE request: kernel: x86: Fix broken LDT access in VMI Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/03/3 Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=de59985e3a623d4d5d6207f1777398ca0606ab1c The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persistent application failure) via crafted function calls, related to the Java Runtime Environment (JRE) experiencing improper LDT selector state, a different vulnerability than CVE-2008-3247.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.