[kernel-sec-discuss] r3464 - active retired

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Aug 7 08:58:48 UTC 2014 

Author: jmm
Date: 2014-08-07 08:58:48 +0000 (Thu, 07 Aug 2014)
New Revision: 3464

Added:
   retired/CVE-2014-3534
Removed:
   active/CVE-2014-3534
Log:
retire


Deleted: active/CVE-2014-3534
===================================================================
--- active/CVE-2014-3534	2014-08-07 08:52:55 UTC (rev 3463)
+++ active/CVE-2014-3534	2014-08-07 08:58:48 UTC (rev 3464)
@@ -1,18 +0,0 @@
-Description: Kernel memory protection bypass on s390
-References:
-Notes:
- bwh> Martin Schwidefsky says this was introduced by commit fa968ee215c0
- bwh> ("s390/signal: set correct address space control").  It added the
- bwh> ASC (Address Space Control) processor status bits to those that
- bwh> must be restored on return from signals, but as a result they can
- bwh> also be set arbitrarily by ptrace.  This opens a vulnerability if
- bwh> the kernel parameter user_mode=primary is used.  Commit e258d719ff28
- bwh> ("s390/uaccess: always run the kernel in home space") made that
- bwh> the default (I think).
-Bugs:
-upstream: released (3.16-rc7) [dab6cf55f81a6e16b8147aed9a843e1691dcd318]
-2.6.32-upstream-stable: N/A ("vulnerable code not present")
-sid: released (3.14.13-2) [bugfix/s390/s390-ptrace-fix-PSW-mask-check.patch]
-3.2-wheezy-security: released (3.2.60-1+deb7u3) [bugfix/s390/s390-ptrace-fix-PSW-mask-check.patch]
-2.6.32-squeeze-security: N/A ("vulnerable code not present")
-3.2-upstream-stable: released (3.2.62) [s390-ptrace-fix-PSW-mask-check.patch]

Copied: retired/CVE-2014-3534 (from rev 3463, active/CVE-2014-3534)
===================================================================
--- retired/CVE-2014-3534	                        (rev 0)
+++ retired/CVE-2014-3534	2014-08-07 08:58:48 UTC (rev 3464)
@@ -0,0 +1,18 @@
+Description: Kernel memory protection bypass on s390
+References:
+Notes:
+ bwh> Martin Schwidefsky says this was introduced by commit fa968ee215c0
+ bwh> ("s390/signal: set correct address space control").  It added the
+ bwh> ASC (Address Space Control) processor status bits to those that
+ bwh> must be restored on return from signals, but as a result they can
+ bwh> also be set arbitrarily by ptrace.  This opens a vulnerability if
+ bwh> the kernel parameter user_mode=primary is used.  Commit e258d719ff28
+ bwh> ("s390/uaccess: always run the kernel in home space") made that
+ bwh> the default (I think).
+Bugs:
+upstream: released (3.16-rc7) [dab6cf55f81a6e16b8147aed9a843e1691dcd318]
+2.6.32-upstream-stable: N/A ("vulnerable code not present")
+sid: released (3.14.13-2) [bugfix/s390/s390-ptrace-fix-PSW-mask-check.patch]
+3.2-wheezy-security: released (3.2.60-1+deb7u3) [bugfix/s390/s390-ptrace-fix-PSW-mask-check.patch]
+2.6.32-squeeze-security: N/A ("vulnerable code not present")
+3.2-upstream-stable: released (3.2.62) [s390-ptrace-fix-PSW-mask-check.patch]

More information about the kernel-sec-discuss mailing list