[kernel-sec-discuss] r3453 - active

Ben Hutchings benh at moszumanska.debian.org
Wed Jul 23 00:03:39 UTC 2014


Author: benh
Date: 2014-07-23 00:03:39 +0000 (Wed, 23 Jul 2014)
New Revision: 3453

Added:
   active/CVE-2014-3534
Log:
Add CVE-2014-3534, kernel memory protection bypass on s390

Added: active/CVE-2014-3534
===================================================================
--- active/CVE-2014-3534	                        (rev 0)
+++ active/CVE-2014-3534	2014-07-23 00:03:39 UTC (rev 3453)
@@ -0,0 +1,18 @@
+Description: Kernel memory protection bypass on s390
+References:
+Notes:
+ bwh> Martin Schwidefsky says this was introduced by commit fa968ee215c0
+ bwh> ("s390/signal: set correct address space control"), but only if the
+ bwh> kernel parameter user_mode=primary is used.  Commit e258d719ff28
+ bwh> ("s390/uaccess: always run the kernel in home space") closed the
+ bwh> vulnerability in signal handling (the kernel parameter no longer
+ bwh> exists) and replaced it with a vulnerability through ptrace.
+ bwh> The upstream fix therefore fixes the second vulnerability but 3.2.y
+ bwh> suffers from the first (which maybe wants its own CVE ID).
+Bugs:
+upstream: pending (3.16-rc7) [dab6cf55f81a6e16b8147aed9a843e1691dcd318]
+2.6.32-upstream-stable: N/A ("vulnerable code not present")
+sid: needed
+3.2-wheezy-security: needed
+2.6.32-squeeze-security: N/A ("vulnerable code not present")
+3.2-upstream-stable: needed
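Review bot: The `3.2-wheezy-security: needed` and `3.2-upstream-stable: needed` lines give no hint that, per the Notes, 3.2.y is affected by the first (signal handling) vulnerability while the upstream fix recorded on the `upstream:` line addresses only the second (ptrace) one. Someone working from the status lines alone could backport dab6cf55f81a and mark 3.2 as fixed. Consider adding a parenthetical to both 3.2 lines saying that a different fix is required and that exposure depends on `user_mode=primary`. The `References:` field is also left empty even though the Notes name two relevant commits (fa968ee215c0, e258d719ff28) and attribute the analysis to Martin Schwidefsky. If that analysis has a public source, it belongs there.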



