[opensuse] [Phoronix] New 64-bit Linux Kernel Vulnerabilities Disclosed This Week
http://www.phoronix.com/scan.php?page=news_item&px=MTg2NzY

<quote>
With CVE-2014-9322 that's now public, there's a local privilege escalation issue affecting all kernel versions prior to Linux 3.17.5. CVE-2014-9322 is described as "privilege escalation due to incorrect handling of a #SS fault caused by an IRET instruction. In particular, if IRET executes on a writeable kernel stack (this was always the case before 3.16 and is sometimes the case on 3.16 and newer), the assembly function general_protection will execute with the user's gsbase and the kernel's gsbase swapped. This is likely to be easy to exploit for privilege escalation, except on systems with SMAP or UDEREF. On those systems, assuming that the mitigation works correctly, the impact of this bug may be limited to massive memory corruption and an eventual crash or reboot."
</quote>

Drat that "writeable stack"!

Currently running 3.18.0-1.gfc82a91-desktop
Repository: kernel_Stable
Vendor: obs://build.opensuse.org/Kernel

What are you running?

--
/"\
\ /  ASCII Ribbon Campaign
 X   Against HTML Mail
/ \
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

Hi,

We have updates in QA.

If you want to test them, add http://download.opensuse.org/update/DISTRO-test/

Where DISTRO is 12.3, 13.1 or 13.2 depending on your opensuse version.

A SR to openSUSE Tumbleweed is also pending review (from Kernel:stable/kernel-source ).

Ciao, Marcus

On Fri, Dec 19, 2014 at 09:18:11AM -0500, Anton Aylward wrote:
> http://www.phoronix.com/scan.php?page=news_item&px=MTg2NzY
>
> <quote>
> With CVE-2014-9322 that's now public, there's a local privilege escalation issue affecting all kernel versions prior to Linux 3.17.5. CVE-2014-9322 is described as "privilege escalation due to incorrect handling of a #SS fault caused by an IRET instruction. In particular, if IRET executes on a writeable kernel stack (this was always the case before 3.16 and is sometimes the case on 3.16 and newer), the assembly function general_protection will execute with the user's gsbase and the kernel's gsbase swapped. This is likely to be easy to exploit for privilege escalation, except on systems with SMAP or UDEREF. On those systems, assuming that the mitigation works correctly, the impact of this bug may be limited to massive memory corruption and an eventual crash or reboot."
> </quote>
>
> Drat that "writeable stack"!
>
> Currently running 3.18.0-1.gfc82a91-desktop
> Repository: kernel_Stable
> Vendor: obs://build.opensuse.org/Kernel
>
> What are you running?

On Fri, 19 Dec 2014 15:32:30 +0100, Marcus Meissner wrote:
> Hi,
>
> We have updates in QA.
>
> If you want to test them, add http://download.opensuse.org/update/DISTRO-test/
>
> Where DISTRO is 12.3, 13.1 or 13.2 depending on your opensuse version.

Is empty at least for 13.2.

> A SR to openSUSE Tumbleweed is also pending review (from Kernel:stable/kernel-source ).
>
> Ciao, Marcus
>
> On Fri, Dec 19, 2014 at 09:18:11AM -0500, Anton Aylward wrote:

On Fri, Dec 19, 2014 at 06:41:20PM +0300, Andrei Borzenkov wrote:
> On Fri, 19 Dec 2014 15:32:30 +0100, Marcus Meissner wrote:
> > Hi,
> >
> > We have updates in QA.
> >
> > If you want to test them, add http://download.opensuse.org/update/DISTRO-test/
> >
> > Where DISTRO is 12.3, 13.1 or 13.2 depending on your opensuse version.
>
> Is empty at least for 13.2.

Due to some OBS hiccup the test repos got emptied. It will be one or two hours until they are repopulated.

Ciao, Marcus

On 12/19/2014 09:18 AM, Anton Aylward wrote:
> Currently running 3.18.0-1.gfc82a91-desktop
> Repository: kernel_Stable
> Vendor: obs://build.opensuse.org/Kernel

Just upgraded to 3.18.1-1.g5f2f35e-desktop

participants (4)
- Andrei Borzenkov
- Anton Aylward
- Cristian Rodríguez
- Marcus Meissner