Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130809000249.GE12615@kroah.com>
Date: Thu, 8 Aug 2013 17:02:49 -0700
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Cc: Petr Matousek <pmatouse@...hat.com>
Subject: Re: CVE Request: Linux kernel: arm64: unhandled el0
 traps

On Thu, Aug 08, 2013 at 03:39:30PM +0530, P J P wrote:
>   Hi,
> 
> Linux kernel built for the ARM64(CONFIG_ARM64) platform is
> vulnerable to a crash when the processor generates trap/esr, that is
> not handled gracefully, which leads to bad_mode(), wherein it'll
> die() or oops().
> 
> A user/program could use this flaw to crash the kernel resulting in DoS.
> 
> Upstream fixes:
> ===============
>  -> https://git.kernel.org/linus/381cc2b9705512ee7c7f1839cbdde374625a2a9f
>  -> https://git.kernel.org/linus/9955ac47f4ba1c95ecb6092aeaefb40a22e99268

CVE requests for code that can only run on a processor that is not
shipping yet?  Isn't there a rule somewhere about CVEs not being allowed
for stuff like this?

thanks,

greg k-h

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.