Bug 1208598 (CVE-2015-2830)
Summary: | CVE-2015-2830 kernel: int80 fork from 64-bit tasks mishandling | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | | |
Version: | unspecified | CC: | agordeev, aquini, carl_song, carnil, dhoward, fhrbata, gansalmon, itamar, jforbes, joelsmith, jonathan, jwboyer, kernel-maint, kernel-mgr, lwang, madhu.chinakonda, mchehab, mguzik, nmurray, plougher, pmatouse, ppandit, rvrbovsk, security-response-team, wmealing |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system. | | |
Story Points: | --- | | |
Clone Of: | | Environment: | |
Last Closed: | 2017-08-08 05:24:27 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1208599, 1209231, 1209232, 1209233, 1209234, 1209235, 1209236, 1210304, 1210305, 1223657 | | |
Bug Blocks: | 1208595 | | |
Description
Vasyl Kaigorodov
2015-04-02 15:59:25 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1208599]

(In reply to Vasyl Kaigorodov from comment #1)
> Created kernel tracking bugs for this issue:
>
> Affects: fedora-all [bug 1208599]

The above commit was backported to 3.19.2 with commit 1f4d987805f78ddbc03cd901eed43aeb60ee344a. All Fedora branches are on 3.19.3 or newer.

Statement:

This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2015:1139 https://rhn.redhat.com/errata/RHSA-2015-1139.html

This issue has been addressed in the following products:

MRG for RHEL-6 v.2

Via RHSA-2015:1138 https://rhn.redhat.com/errata/RHSA-2015-1138.html

This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2015:1137 https://rhn.redhat.com/errata/RHSA-2015-1137.html

This issue has been addressed in the following products:

Red Hat Enterprise Linux 6

Via RHSA-2015:1221 https://rhn.redhat.com/errata/RHSA-2015-1221.html

https://access.redhat.com/security/cve/CVE-2015-2830 still lists RHEL 5 as affected. Considering RHEL 5 is now EOL, should this issue be closed?

Red Hat Enterprise Linux 5 is not end of life yet; it is currently in Extended Life Phase. For more information please see https://access.redhat.com/support/policy/updates/errata .

From what I'm reading about internal notes though this could be closed, going to needinfo the reporter specifically to get an answer.

(In reply to Wade Mealing from comment #16)
> From what I'm reading about internal notes though this could be closed,
> going to needinfo the reporter specifically to get an answer.

Yes, considering it is rated low impact and rhel-5 fix was deferred owing to it being close to its EOL and all other trackers are closed, we can close it.