oss-security - Re: CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <5113F137.2090003@redhat.com>
Date: Thu, 07 Feb 2013 11:23:51 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com, Kurt Seifried <kseifrie@...hat.com>,
        spender@...ecurity.net
Subject: Re: CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr
 local privilege escalation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/07/2013 03:55 AM, Petr Matousek wrote:
> Access to /dev/cpu/*/msr was protected only using filesystem
> checks. A local uid 0 (root) user with all capabilities dropped
> could use this flaw to execute arbitrary code in kernel mode.
> 
> Upstream commit: 
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=c903f0456bc69176912dee6dd25c6a66ee1aed00
>
>  References: https://bugzilla.redhat.com/show_bug.cgi?id=908693 
> http://grsecurity.net/~spender/msr32.c
> 
> Thanks,

Please use CVE-2013-0268 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRE/E3AAoJEBYNRVNeJnmTjvIQAJZAOvO1heqIEZXdmxZfCBsW
y+NjKmN/El8PCPJ4bfGrH0TK7y+lZYBWBfnbaHI1kTZOxs/NuVtPn88D+Am+AABf
TBa2Jm3Bj19MnqYkkpdGJ+TCNgMpzByu8f1xRKK+lwHdCBkbV4HRKC+I5f7Tej9V
pVyFTaEyLivdaYqb+6Uq7ndQXVu1W/XBGN+7ulh37WFQ43eS+wP0RFR5BFoToeiR
rrb2YppjAYZJSEI638Cd72Lo3J/9kSPgu8bKm5XEwngCyMICqRy4uLSPisaw2Crm
mlXaj2xzT7uGgmxtSLSFJQR0gewqsl0bmelC87Ay/bgyI0tRb+ujcYv9ttxLHUcC
V6dwWV5sCqxQqdgnEu08Yo8Oaqv33ohvkrxEpiMWrhjsLHE2hw5vjsInIi5fjCGO
Pzhjx6VOu5Ov5EHE9RWzyiUUzMCutwUsAnt28lsfQvEM2BZCYp408MMBAadezLUB
sAxmMjaUWnRYwU2bOqG4vKKMK2rm5zBHrdpHWkhigpk5WkH+FNMCfNBTUg7DAu/i
yZRc0QvpzE//Eg/+bEvIco5g8cH23C20/5lM/IC6GDdhhnSKd0XTXBtHkZpPt6oZ
QnXsHB5v2SWwLdofuKGFwvaBEkT51LhDuWLqE4JmEXt2rm0PdrfwXTsNt5Gom40X
PJZB9LRVZ8BuaPabv+9S
=hulg
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.