Bug 1256746 - CVE-2015-6666 kernel: Linux x86_64 NT flag handling optimization allowing DoS
Summary: CVE-2015-6666 kernel: Linux x86_64 NT flag handling optimization allowing DoS
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1256753
Blocks: 1256750
Reported: 2015-08-25 11:40 UTC by Adam Mariš
Modified: 2019-09-29 13:36 UTC
CC List: 33 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-09-26 03:37:19 UTC



Description Adam Mariš 2015-08-25 11:40:33 UTC
After fixing Linux's NT flag handling, an optimization was added, making the code vulnerable.
A malicious 32-bit program might be able to leak NT into an unrelated task.
On a kernel built with CONFIG_PREEMPT=y, this causes a straightforward DoS. With CONFIG_PREEMPT=n, it's probably still exploitable for DoS with some more care.
This vulnerability could possibly also be used for privilege escalation.

Upstream fix (just reverting the optimization):

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=512255a2ad2c832ca7d4de9f31245f73781922d0

CVE assignment:

http://seclists.org/oss-sec/2015/q3/430

Can be mitigated by:

CONFIG_IA32_EMULATION=n

Mitigation:

(none)
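Added example, not part of the bug report or of the kernel tree: a small POSIX shell check that reads a kernel build configuration and classifies it against the two symbols the description above names (CONFIG_IA32_EMULATION as the stated mitigation, CONFIG_PREEMPT as the factor that makes the DoS straightforward). The function names, the classification labels and the three sample config files are assumptions constructed for this example; on a real system the input would be something like /boot/config-$(uname -r) or a decompressed /proc/config.gz. Note that a later comment on this bug reports the CVE was rejected as having no security impact, so the check documents the report's reasoning rather than a confirmed exposure.

```shell
#!/bin/sh
# Added example (not from the bug report): classify a kernel config against the
# symbols the CVE-2015-6666 report mentions. Function names and labels are our own.

# Print the value of a Kconfig symbol: "y", "m", a string value, "n" when the
# config carries the "# SYM is not set" comment form, or "unset" when absent.
kconfig_value() {
    file=$1
    sym=$2
    # Disabled symbols appear as a comment line, never as SYM=n.
    if grep -q "^# ${sym} is not set\$" "$file"; then
        echo n
        return
    fi
    val=$(sed -n "s/^${sym}=//p" "$file" | head -n 1)
    if [ -z "$val" ]; then
        echo unset
    else
        echo "$val"
    fi
}

# Map a config to the exposure the report describes:
#   IA32 emulation off (or absent)      -> "not-exposed" (the report's mitigation)
#   IA32 emulation on, CONFIG_PREEMPT=y -> "dos-straightforward"
#   IA32 emulation on, otherwise        -> "dos-with-care"
nt_flag_exposure() {
    file=$1
    ia32=$(kconfig_value "$file" CONFIG_IA32_EMULATION)
    preempt=$(kconfig_value "$file" CONFIG_PREEMPT)
    if [ "$ia32" != y ]; then
        echo not-exposed
        return
    fi
    if [ "$preempt" = y ]; then
        echo dos-straightforward
    else
        echo dos-with-care
    fi
}

# Constructed sample configs (not real distribution configs).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/preempt.config" <<'EOF'
CONFIG_X86_64=y
CONFIG_IA32_EMULATION=y
CONFIG_PREEMPT=y
EOF
cat > "$SAMPLE_DIR/voluntary.config" <<'EOF'
CONFIG_X86_64=y
CONFIG_IA32_EMULATION=y
# CONFIG_PREEMPT is not set
CONFIG_PREEMPT_VOLUNTARY=y
EOF
cat > "$SAMPLE_DIR/mitigated.config" <<'EOF'
CONFIG_X86_64=y
# CONFIG_IA32_EMULATION is not set
CONFIG_PREEMPT=y
EOF

# Usage: report each sample; replace the path with a real config file to check a host.
for name in preempt voluntary mitigated; do
    printf '%s: %s\n' "$name" "$(nt_flag_exposure "$SAMPLE_DIR/$name.config")"
done
```

The "is not set" comment form is the part most ad-hoc greps get wrong: a plain `grep CONFIG_PREEMPT=` on the voluntary-preemption sample would match nothing and be indistinguishable from a symbol that does not exist, so the helper distinguishes an explicit "n" from "unset".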

Comment 1 Adam Mariš 2015-08-25 12:03:54 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1256753]

Comment 2 Fedora Update System 2015-08-25 12:53:57 UTC
kernel-4.2.0-0.rc8.git0.1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-14151

Comment 3 Fedora Update System 2015-08-27 17:57:21 UTC
kernel-4.2.0-0.rc8.git0.1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2015-09-11 17:21:18 UTC
kernel-4.1.6-201.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 5 Martin Prpič 2015-09-15 07:58:27 UTC
This was found to not have a security impact on any version of the Linux kernel. This CVE may be rejected as per:

http://seclists.org/oss-sec/2015/q3/546

Comment 6 Martin Prpič 2015-09-21 06:20:36 UTC
CVE-2015-6666 was rejected, removing alias.

Comment 7 Fedora Update System 2015-09-23 00:20:20 UTC
kernel-4.1.7-100.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.

