List: oss-security
Subject: [oss-security] Re: [security-linux] Re: [oss-security] CVE request - Linux Kernel
From: Mark Hatle <mark.hatle () windriver ! com>
Date: 2010-04-29 16:24:28
Message-ID: 4BD9B2BC.4090404 () windriver ! com
Eugene Teo wrote:
> On 04/29/2010 10:13 AM, Hui Zhu wrote:
>> Hi All,
>>
>> The problem is that if KGDB is enabled on a powerpc board, a
>> test that checks if a page is user or kernel is bypassed.
>> This means that a user can write to arbitrary kernel address space.
>>
>> Upon further investigation, we found that kernels older than
>> the v2.6.30-rc1 release have the same problem for non-booke
>> ppc chips (74xx, 8641D), so we need two patches for kernels
>> up to that date, and then one patch for ones after that date.
I'm sorry. This was a mistake on our part. We had intended to send the
information to vendor-sec and coordinate with other potentially affected
vendors. Then once a reasonable coordinated time had passed to send it to
security@kernel.org as well as oss-security and lkml.
Our standard procedure:
* contact vendor-sec and coordinate with other affected vendors
* send the information to the project specific security list
* once public send the information to:
  * oss-security@lists.openwall.com
  * other appropriate public project list(s)
Mark Hatle
Linux Security Incident Lead
Wind River Systems
> Hi Hui,
>
> Just FYI, oss-security is a public mailing list. I noticed you have
> already cc'ed the KGDB maintainer. If you are trying to report a kernel
> security issue that is neither fixed nor disclosed previously AFAIK, you
> might want to try CC'ing security@kernel.org and LKML. Drop LKML if you
> want to keep it private for a short period of time.
>
> Thanks, Eugene