[kernel-sec-discuss] r3419 - active
Ben Hutchings
benh at moszumanska.debian.org
Mon Jun 30 13:00:09 UTC 2014
Author: benh
Date: 2014-06-30 13:00:09 +0000 (Mon, 30 Jun 2014)
New Revision: 3419
Modified:
active/CVE-2014-3940
active/CVE-2014-4171
Log:
Add more information about CVE-2014-3940 and CVE-2014-4171
Modified: active/CVE-2014-3940
===================================================================
--- active/CVE-2014-3940 2014-06-30 12:56:42 UTC (rev 3418)
+++ active/CVE-2014-3940 2014-06-30 13:00:09 UTC (rev 3419)
@@ -1,6 +1,11 @@
Description: missing check during hugepage migration
References:
Notes:
+ bwh> Hugepage migration was extended in 3.12 and it's not clear that
+ bwh> there is a security impact for older versions. The upstream commit
+ bwh> indicates that is the earliest stable branch it should be backported
+ bwh> to. But it should be harmless to add the pte_present() check to
+ bwh> older versions anyway.
Bugs:
upstream: released (3.15-rc8) [d4c54919ed86302094c0ca7d48a8cbd4ee753e92]
2.6.32-upstream-stable:
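Review bot: In the added Notes lines, "indicates that is the earliest stable branch" leaves the branch implicit. Naming it (3.12, going by the preceding sentence) would let the note stand on its own. The note also concludes that adding the pte_present() check to older versions should be harmless, yet the 2.6.32-upstream-stable: line in the trailing context is still blank. Recording there whether older branches will get the check or are considered unaffected would turn the note into a trackable decision. References: is also still empty, although the upstream commit id is already on the upstream: line.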
Modified: active/CVE-2014-4171
===================================================================
--- active/CVE-2014-4171 2014-06-30 12:56:42 UTC (rev 3418)
+++ active/CVE-2014-4171 2014-06-30 13:00:09 UTC (rev 3419)
@@ -1,7 +1,9 @@
-Description:
+Description: shmem reader can block hole punch indefinitely
References:
- http://ozlabs.org/~akpm/mmots/broken-out/shmem-fix-faulting-into-a-hole-while-its-punched.patch
Notes:
+ bwh> shmem supports MADV_REMOVE since 2.6.16 but FALLOC_FL_PUNCH_HOLE
+ bwh> was only added in 3.5. I'm not sure whether this is exploitable
+ bwh> before 3.5; in any case the fix looks difficult to backport.
Bugs:
upstream: released (3.16-rc3) [f00cdc6df7d7cfcabb5b740911e6788cb0802bdb]
2.6.32-upstream-stable:
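Review bot: The References: section ends up empty, because the mmots patch URL is dropped and nothing replaces it. Since the upstream: line now carries the released commit (f00cdc6df7d7cfcabb5b740911e6788cb0802bdb), a reference to that commit would keep the entry traceable. The new note leaves open whether the issue is exploitable before 3.5 via MADV_REMOVE, and 2.6.32-upstream-stable: is still blank. Marking that branch as needing investigation would keep the open question from being read as "not affected".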