Bug 1172806 (CVE-2014-9322)
Summary: | CVE-2014-9322 kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Petr Matousek <pmatouse> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | | |
Version: | unspecified | CC: | agordeev, aquini, bhu, carnil, dhoward, esammons, fhrbata, iboverma, jkacur, jross, kernel-mgr, lgoncalv, lwang, matt, mcressma, mdshaikh, mguzik, mmilgram, nmurray, pholasek, plougher, rvrbovsk, security-response-team, skito, vgoyal, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. | | |
Story Points: | --- | | |
Clone Of: | | Environment: | |
Last Closed: | 2015-01-06 20:20:16 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1172809, 1172810, 1172811, 1172812, 1172813, 1172814, 1172945, 1173083, 1173084, 1173085, 1173591, 1173592, 1175501 | | |
Bug Blocks: | 1170693 | | |

Description
Petr Matousek
2014-12-10 19:31:55 UTC
Statement:

This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 4, 5, 6, and 7, and Red Hat Enterprise MRG 2. Future Linux kernel updates for the respective releases will address this issue.

Fedora included the patch for this issue as part of the CVE-2014-9090 fix and the impact was limited to local DoS due to the espfix64 functionality.

This issue has been addressed in the following products: MRG for RHEL-6 v.2
Via RHSA-2014:1998 https://rhn.redhat.com/errata/RHSA-2014-1998.html

This issue has been addressed in the following products: Red Hat Enterprise Linux 6
Via RHSA-2014:1997 https://rhn.redhat.com/errata/RHSA-2014-1997.html

This issue has been addressed in the following products: Red Hat Enterprise Linux 5
Via RHSA-2014:2008 https://rhn.redhat.com/errata/RHSA-2014-2008.html

This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 EUS - Server and Compute Node Only
Via RHSA-2014:2009 https://rhn.redhat.com/errata/RHSA-2014-2009.html

This issue has been addressed in the following products: Red Hat Enterprise Linux 7
Via RHSA-2014:2010 https://rhn.redhat.com/errata/RHSA-2014-2010.html

This issue has been addressed in the following products: Red Hat Enterprise Linux 6.2 AUS
Via RHSA-2014:2028 https://rhn.redhat.com/errata/RHSA-2014-2028.html

This issue has been addressed in the following products: Red Hat Enterprise Linux 5.6 Long Life
Via RHSA-2014:2031 https://rhn.redhat.com/errata/RHSA-2014-2031.html

This issue has been addressed in the following products: Red Hat Enterprise Linux 5.9 EUS - Server Only
Via RHSA-2014:2029 https://rhn.redhat.com/errata/RHSA-2014-2029.html

This issue has been addressed in the following products: Red Hat Enterprise Linux 6.4 EUS - Server and Compute Node Only
Via RHSA-2014:2030 https://rhn.redhat.com/errata/RHSA-2014-2030.html

This issue has been addressed in the following products: Red Hat Enterprise Linux 4 Extended Lifecycle Support
Via RHSA-2015:0009 https://rhn.redhat.com/errata/RHSA-2015-0009.html

Detailed analysis of this issue has been posted on oss-sec: http://seclists.org/oss-sec/2015/q3/25