Bug 455378 (CVE-2008-3247)

Summary: CVE-2008-3247 kernel: x86: fix ldt limit for 64 bit
Product: [Other] Security Response Reporter: Eugene Teo (Security Response) <eteo>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: kernel-maint
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-29 06:16:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Upstream patch for this issue none

Comment 1 Eugene Teo (Security Response) 2008-07-15 08:49:21 UTC
Description of problem:
There is a bug in set_tssldt_descriptor routine that when it is called, it will
use a size larger than (entries * LDT_ENTRY_SIZE - 1), resulting in an unintended
miscalculation of the ldt limits.

Version-Release number of selected component (if applicable):
It only affects 2.6.25-based kernel releases.

Additional info:
RHEL kernels are not affected by this. Filing this for Fedora kernels.

Comment 4 Eugene Teo (Security Response) 2008-07-15 08:56:54 UTC
Created attachment 311797 [details]
Upstream patch for this issue

Comment 5 Dave Jones 2008-07-15 16:39:29 UTC
cvs already merged up to 2.6.25.11, update should be going out soon.

Comment 6 Chuck Ebbert 2008-07-29 04:04:28 UTC
F8 and F9 updates are released.

Comment 7 Red Hat Product Security 2008-07-29 06:16:44 UTC
This issue was addressed in:

Fedora:
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-6613
  https://admin.fedoraproject.org/updates/F9/FEDORA-2008-6634