Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <201406022323.s52NNJLx024941@linus.mitre.org>
Date: Mon, 2 Jun 2014 19:23:19 -0400 (EDT)
From: cve-assign@...re.org
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE-2014-3940 - Linux kernel - missing check during hugepage migration

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The scope of CVE-2014-3940 is the https://lkml.org/lkml/2014/3/18/784
post, i.e., "[PATCH RESEND -mm 1/2] mm: add !pte_present() check on
existing hugetlb_entry callbacks" on 18 March.

Two notes about this:

  - Applying the https://lkml.org/lkml/2014/3/18/784 patch to, for
    example, the 3.14.5 release would involve changing the
    queue_pages_hugetlb_pmd_range function instead of the
    queue_pages_hugetlb function.

  - The scope of CVE-2014-3940 does not include the related "2/2"
    message in the https://lkml.org/lkml/2014/3/18/769 post. The issue
    there is not fully investigated, and may be a bug that doesn't
    affect any stable kernel release.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTjQX5AAoJEKllVAevmvmsf/IH/R/0yPoIowUFpeCJ1kQiPojD
KexPi5c8hne6z2jfmHARzjmBQS7IvHn/FcrBONF7WIcDnFZq4CgVHhIcGuJjiOI2
uQKXx6JUX6bHahGMdNs2ow2SQzCLy1xj0FcHQBAg/RZVk4jBAQIWkvbkeE52tWaK
IpICuE3Sderg7rtucHqpbMjlD76rr/PqiANYT2xgip7ZnpKvoicrXBy2SV3WhD3G
qOK6Qrb+aPC+qsU3OIjp7JsRf7IuHaQ10yfn+oZJeEoayf+ka7rzsVy6QpKVkiuK
FLw31hMlS7ZPxHrpZX6xaQ1rr7mQY1qk/KY+zUv2uod9GPx7foljWNQNAMdeDKU=
=D5Cw
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.