[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request - Linux Kernel KGDB/ppc issue
From: Eugene Teo <eugene () redhat ! com>
Date: 2010-04-30 0:44:55
Message-ID: 4BDA2807.3000703 () redhat ! com
[Download RAW message or body]
On 04/29/2010 10:13 AM, Hui Zhu wrote:
> Hi All,
>
> The problem is that if KGDB is enabled on a powerpc board, a
> test that checks if a page is user or kernel is bypassed.
> This means that a user can write to arbitrary kernel address space.
>
> Upon further investigation, we found that kernels older than
> the v2.6.30-rc1 release have the same problem for non-booke
> ppc chips (74xx, 8641D), so we need two patches for kernels
> up to that date, and then one patch for ones after that date.
http://www.mail-archive.com/linuxppc-dev@lists.ozlabs.org/msg30044.html
Sun, 01 Mar 2009 22:25:03 -0800
"Note: While at it, I removed a non-sensical statement related to
CONFIG_KGDB in ppc_mmu_32.c which could cause kernel mappings to be user
accessible when that option is enabled. Probably something that bitrot."
Eugene
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic