[kernel-sec-discuss] r679 - active
Martin Pitt
mpitt at alioth.debian.org
Mon Jan 15 19:10:15 CET 2007
Author: mpitt
Date: 2007-01-15 19:10:15 +0100 (Mon, 15 Jan 2007)
New Revision: 679
Modified:
active/CVE-2006-5755
Log:
flesh out CVE-2006-5755
Modified: active/CVE-2006-5755
===================================================================
--- active/CVE-2006-5755 2007-01-14 14:47:09 UTC (rev 678)
+++ active/CVE-2006-5755 2007-01-15 18:10:15 UTC (rev 679)
@@ -1,17 +1,27 @@
Candidate: CVE-2006-5755
-References:
+References:
+ http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=658fdbef66e5e9be79b457edc2cbbb3add840aa9
Description:
+ Linux kernel before 2.6.18, when running on x86_64 systems, does not
+ properly save or restore EFLAGS during a context switch, which allows
+ local users to cause a denial of service (crash) by causing SYSENTER
+ to set an NT flag, which can trigger a crash on the IRET of the next
+ task.
Ubuntu-Description:
+ The task switching code did not save and restore EFLAGS of processes.
+ By starting a specially crafted executable, a local attacker could
+ exploit this to eventually crash many other running processes. This
+ only affects the amd64 platform.
Notes:
jmm> 658fdbef66e5e9be79b457edc2cbbb3add840aa9
jmm> amd64 equivalent of CVE-2006-5173
jmm> http://www.mail-archive.com/kgdb-bugreport@lists.sourceforge.net/msg00559.html
Bugs:
-upstream:
+upstream: released (2.6.18)
linux-2.6:
-2.6.18-etch:
-2.6.8-sarge-security:
-2.4.27-sarge-security:
-2.6.12-breezy-security:
-2.6.15-dapper-security:
-2.6.17-edgy-security:
+2.6.18-etch: N/A
+2.6.8-sarge-security: needed
+2.4.27-sarge-security: needed
+2.6.12-breezy-security: needed
+2.6.15-dapper-security: needed
+2.6.17-edgy-security: needed
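Review bot: 2.4.27-sarge-security is set to "needed" although the Description restricts the issue to x86_64 and the Ubuntu-Description states it "only affects the amd64 platform"; before leaving it as needed, confirm that the sarge 2.4.27 kernel packages are built for amd64 at all, and mark the line N/A if they are not, as was already done for 2.6.18-etch. Separately, the "-References:" / "+References:" pair changes nothing but trailing whitespace on that line; dropping it would keep the hunk to the substantive edits.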