After fixing Linux's NT flag handling, an optimization was added, making the code vulnerable. A malicious 32-bit program might be able to leak NT into an unrelated task. On a kernel with CONFIG_PREEMPT=y set, this causes a straightforward DoS. With CONFIG_PREEMPT=n set, it's probably still exploitable for DoS with some more care. This vulnerability could possibly also be used for privilege escalation.

Upstream fix (just reverting the optimization):
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=512255a2ad2c832ca7d4de9f31245f73781922d0

CVE assignment:
http://seclists.org/oss-sec/2015/q3/430

Can be mitigated by:
CONFIG_IA32_EMULATION=n

Mitigation: (none)
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1256753]
kernel-4.2.0-0.rc8.git0.1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-14151
kernel-4.2.0-0.rc8.git0.1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
kernel-4.1.6-201.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
This was found to not have a security impact on any version of the Linux kernel. This CVE may be rejected as per: http://seclists.org/oss-sec/2015/q3/546
CVE-2015-6666 was rejected, removing alias.
kernel-4.1.7-100.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.