[kernel-sec-discuss] r840 - active retired

Sun May 27 15:33:54 UTC 2007

Author: jmm
Date: 2007-05-27 15:33:54 +0000 (Sun, 27 May 2007)
New Revision: 840

Added:
   retired/CVE-2005-3105
Removed:
   active/CVE-2005-3105
Log:
retire CVE-2005-3105


Deleted: active/CVE-2005-3105
===================================================================

--- active/CVE-2005-3105	2007-05-27 15:33:24 UTC (rev 839)
+++ active/CVE-2005-3105	2007-05-27 15:33:54 UTC (rev 840)
@@ -1,35 +0,0 @@
-Candidate: CVE-2005-3105
-References: 
- URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3105
- Final-Decision: 
- Interim-Decision: 
- Modified: 
- Proposed: 
- Assigned: 20050930
- Category: SF
- Reference: MISC:http://www.intel.com/cd/ids/developer/asmo-na/eng/215766.htm
- Reference: MISC:http://cache-www.intel.com/cd/00/00/21/57/215792_215792.pdf
- Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4248d4019z8HvgrPAji51TKrWiV2uw?nav=index.html|src/|src/mm|related/mm/mprotect.c
-Description: 
- The mrpotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito
- processors does not properly maintain cache coherency as required by
- the architecture, which allows local users to cause a denial of
- service and possibly corrupt data by modifying PTE protections.
- .
- Extra information from Moritz Muehlenhof:
- ia64 Montecito CPU do not maintain cache coherency correctly, which can be
- exploited by a local DoS.
- http://linux.bkbits.net:8080/linux-2.6/cset@4248d4019z8HvgrPAji51TKrWiV2uw?nav=index.html|src/|src/mm|related/mm/mprotect.c
- .
- dannf> These CPUs aren't available on the market yet, and I'm not sure
- dannf> 2.4 is vulnerable.  Will have to attempt to reproduce when I can
- dannf> get my hands on some hardware.  Ignoring for sarge2.
- jmm> Have these CPUs ever been supported on 2.4? If not, we should mark N/A
- dannf> they have not, and i've verified that booting the installer
-        fails almost immediately. marking 2.4 N/A
-Bugs: 332569
-upstream: 2.6.12
-2.6.8-sarge-security: released (2.6.8-16sarge1) [mckinley_icache.dpatch]
-2.4.27-sarge-security: N/A
-linux-2.6: N/A
-2.6.18-etch-security: N/A

Copied: retired/CVE-2005-3105 (from rev 838, active/CVE-2005-3105)
===================================================================
--- retired/CVE-2005-3105	                        (rev 0)
+++ retired/CVE-2005-3105	2007-05-27 15:33:54 UTC (rev 840)
@@ -0,0 +1,35 @@
+Candidate: CVE-2005-3105
+References: 
+ URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3105
+ Final-Decision: 
+ Interim-Decision: 
+ Modified: 
+ Proposed: 
+ Assigned: 20050930
+ Category: SF
+ Reference: MISC:http://www.intel.com/cd/ids/developer/asmo-na/eng/215766.htm
+ Reference: MISC:http://cache-www.intel.com/cd/00/00/21/57/215792_215792.pdf
+ Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@4248d4019z8HvgrPAji51TKrWiV2uw?nav=index.html|src/|src/mm|related/mm/mprotect.c
+Description: 
+ The mrpotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito
+ processors does not properly maintain cache coherency as required by
+ the architecture, which allows local users to cause a denial of
+ service and possibly corrupt data by modifying PTE protections.
+ .
+ Extra information from Moritz Muehlenhof:
+ ia64 Montecito CPU do not maintain cache coherency correctly, which can be
+ exploited by a local DoS.
+ http://linux.bkbits.net:8080/linux-2.6/cset@4248d4019z8HvgrPAji51TKrWiV2uw?nav=index.html|src/|src/mm|related/mm/mprotect.c
+ .
+ dannf> These CPUs aren't available on the market yet, and I'm not sure
+ dannf> 2.4 is vulnerable.  Will have to attempt to reproduce when I can
+ dannf> get my hands on some hardware.  Ignoring for sarge2.
+ jmm> Have these CPUs ever been supported on 2.4? If not, we should mark N/A
+ dannf> they have not, and i've verified that booting the installer
+        fails almost immediately. marking 2.4 N/A
+Bugs: 332569
+upstream: 2.6.12
+2.6.8-sarge-security: released (2.6.8-16sarge1) [mckinley_icache.dpatch]
+2.4.27-sarge-security: N/A
+linux-2.6: N/A
+2.6.18-etch-security: N/A


