Bug#733551: Sanitation of CPU-state when switching from virtual-8086 mode to other task

To: 733551@bugs.debian.org
Subject: Bug#733551: Sanitation of CPU-state when switching from virtual-8086 mode to other task
From: halfdog <me@halfdog.net>
Date: Tue, 14 Jan 2014 06:59:42 +0000
Message-id: <[🔎] 52D4E05E.9020109@halfdog.net>
Reply-to: halfdog <me@halfdog.net>, 733551@bugs.debian.org
In-reply-to: <handler.733551.B733551.138835717323965.ackinfo@bugs.debian.org>
References: <52C09F7C.20602@halfdog.net> <handler.733551.B733551.138835717323965.ackinfo@bugs.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This issue was assigned CVE-2014-1438 and has now been fixed in kernel
mainline. Since analysis showed, that it is not specific to vm86-mode,
new bug description could be similar to OSVDB: "restore_fpu_checking
Function Unhandled FPU Exception Local DoS"

See [1] for patch, [2] for information about CVE-assignment,
at [3] you can find references to various resources related to this
bug, e.g. the mailing list posts, POC code for crash and privilege
escalation.

[1] https://lkml.org/lkml/2014/1/11/196
[2] http://www.openwall.com/lists/oss-security/2014/01/14/1
[3] http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/

- -- 
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlLU4GUACgkQxFmThv7tq+7CxgCdGHW5AIIGLoO0CXTuJypIYsvU
xrYAnRFi2QvDrBs3tnIkxvF+F3xpGZAj
=H8Vy
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Bug#735172: linux: Upgrade to linux-image-3.12-1-kirkwood prevents QNAP TS-119 from booting
Next by Date: Processed (with 1 errors): Re: Bug#735254: flash-kernel: QNAP TS-212 doesn't boot with 3.12-1-kirkwood and flash-kernel 3.12
Previous by thread: Bug#728936: Seems to be fixed in powerpc netinst from Jan 8
Next by thread: Processed (with 1 errors): Re: Bug#735254: flash-kernel: QNAP TS-212 doesn't boot with 3.12-1-kirkwood and flash-kernel 3.12
Index(es):
- Date
- Thread