Bug 1060023 (CVE-2014-0038)

Summary: CVE-2014-0038 Kernel: 3.4+ arbitrary write with CONFIG_X86_X32
Product: [Other] Security Response Reporter: Prasad Pandit <ppandit>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: davej, gansalmon, itamar, jforbes, jonathan, jwboyer, kernel-maint, madhu.chinakonda, pmatouse, pneedle
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-31 09:58:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1059980    

Description Prasad Pandit 2014-01-31 09:35:03 UTC 
Linux kernel(>= version 3.4+) built with the X32 ABI for 64-bit mode support
CONFIG_X86_X32, is vulnerable to an arbitrary write to a user supplied address.
X32 ABI allows 32-bit programs to run on 64-bit machines with all its features,
without using the 64-bit addressing. These programs continue to use 32-bit
memory addressing. The flaw occurs while doing a recvmmsg(2) call.

A user/program could use this flaw to crash the system resulting in DoS or
potentially escalate user privileges to a system.

Upstream fix:
-------------
 -> https://git.kernel.org/linus/2def2ef2ae5f3990aabdbe8a755911902707d268

Reference:
----------
 -> http://www.openwall.com/lists/oss-security/2014/01/31/2
Comment 1 Petr Matousek 2014-01-31 09:58:26 UTC 
Statement:

Not vulnerable. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
Comment 3 Tomas Hoger 2014-02-17 10:01:30 UTC 
HackerOne report:
https://hackerone.com/reports/960