[kernel-sec-discuss] r3419 - active

Ben Hutchings benh at moszumanska.debian.org
Mon Jun 30 13:00:09 UTC 2014


Author: benh
Date: 2014-06-30 13:00:09 +0000 (Mon, 30 Jun 2014)
New Revision: 3419

Modified:
   active/CVE-2014-3940
   active/CVE-2014-4171
Log:
Add more information about CVE-2014-3940 and CVE-2014-4171

Modified: active/CVE-2014-3940
===================================================================
--- active/CVE-2014-3940	2014-06-30 12:56:42 UTC (rev 3418)
+++ active/CVE-2014-3940	2014-06-30 13:00:09 UTC (rev 3419)
@@ -1,6 +1,11 @@
 Description: missing check during hugepage migration
 References: 
 Notes:
+ bwh> Hugepage migration was extended in 3.12 and it's not clear that
+ bwh> there is a security impact for older versions.  The upstream commit
+ bwh> indicates that is the earliest stable branch it should be backported
+ bwh> to.  But it should be harmless to add the pte_present() check to
+ bwh> older versions anyway.
 Bugs:
 upstream: released (3.15-rc8) [d4c54919ed86302094c0ca7d48a8cbd4ee753e92]
 2.6.32-upstream-stable: 
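Review bot: The third note line ("indicates that is the earliest stable branch it should be backported to") does not name the branch it refers to; readers skimming this file later will not know whether that means 3.12, the version the previous sentence mentions, or something else, so spell it out, e.g. "indicates that 3.12 is the earliest stable branch". Also, the reasoning concludes that adding the pte_present() check to older kernels is harmless, yet the "2.6.32-upstream-stable:" status line stays empty; once that judgement is settled it should be recorded on the status line so the tracker reflects the decision rather than only the discussion.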

Modified: active/CVE-2014-4171
===================================================================
--- active/CVE-2014-4171	2014-06-30 12:56:42 UTC (rev 3418)
+++ active/CVE-2014-4171	2014-06-30 13:00:09 UTC (rev 3419)
@@ -1,7 +1,9 @@
-Description:
+Description: shmem reader can block hole punch indefinitely
 References:
- http://ozlabs.org/~akpm/mmots/broken-out/shmem-fix-faulting-into-a-hole-while-its-punched.patch
 Notes:
+ bwh> shmem supports MADV_REMOVE since 2.6.16 but FALLOC_FL_PUNCH_HOLE
+ bwh> was only added in 3.5.  I'm not sure whether this is exploitable
+ bwh> before 3.5; in any case the fix looks difficult to backport.
 Bugs:
 upstream: released (3.16-rc3) [f00cdc6df7d7cfcabb5b740911e6788cb0802bdb]
 2.6.32-upstream-stable:
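Review bot: Dropping the mmots broken-out patch URL leaves the "References:" field empty, while the only pointer to the fix is now the bare commit id on the "upstream:" line; if the mmots link is being removed because the patch has landed, a stable reference to the merged commit (or the upstream advisory) should replace it rather than leaving the field blank. The note also states uncertainty about exploitability before 3.5 and that the fix is hard to backport, but the "2.6.32-upstream-stable:" line gives no hint of that assessment; a short status such as "needed" or "N/A" once the pre-3.5 question is resolved would keep the status fields and the notes consistent.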