[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#296700: [CAN-2005-0204]: AMD64, allows local users to write to privileged IO ports via OUTS instruction

Package: kernel-source-2.6.8
Version: 2.6.8-13
Severity: normal
Tags: security patch


CAN-2005-0204 reads:

Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T
architectures, allows local users to write to privileged IO ports via
the OUTS instruction.

Although this says "before 2.6.9" this *includes* both 2.6.8 and 2.6.9.


The RedHat bug associated with this is located at:

A patch to fix the problem is attached to this bugreport, it is
located here (also linked to the RedHat bug):

This apparantly only affects AMD64 and EM64T, and applies to 2.6.8 as
well as 2.6.9.

Kernel 2.4.27 appears to have a similar vulnerability, although this
patch would not apply cleanly to that tree, but looks relatively
trivial to modify appropriately.

Please include this CAN number in changelog entries about this problem.


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages kernel-source-2.6.8 depends on:
ii  binutils                      2.15-5     The GNU assembler, linker and bina
ii  bzip2                         1.0.2-1    A high-quality block-sorting file 
ii  coreutils [fileutils]         5.2.1-2    The GNU core utilities
ii  fileutils                     5.2.1-2    The GNU file management utilities 

-- no debconf information
--- linux-2.6.9/include/asm-x86_64/desc.h~	2005-01-30 20:08:12.799247944 -0800
+++ linux-2.6.9/include/asm-x86_64/desc.h	2005-01-30 20:08:12.799247944 -0800
@@ -128,7 +128,7 @@
 	set_tssldt_descriptor(&cpu_gdt_table[cpu][GDT_ENTRY_TSS], (unsigned long)addr, 
-			      sizeof(struct tss_struct) - 1);
 static inline void set_ldt_desc(unsigned cpu, void *addr, int size)

Reply to: