After fixing Linux's NT flag handling, an optimization was added, making the code vulnerable.
A malicious 32-bit program might be able to leak NT into an unrelated task.
On a kernel with setting CONFIG_PREEMPT=y, this causes a straightforward DoS. With CONFIG_PREEMPT=n setting,
it's probably still exploitable for DoS with some more care.
This vulnerability could be possibly used also for privilege escalation.
Upstream fix (just reverting the optimization):
Can be mitigated by:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1256753]
kernel-4.2.0-0.rc8.git0.1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-14151
kernel-4.2.0-0.rc8.git0.1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
kernel-4.1.6-201.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
This was found to not have a security impact on any version of the Linux kernel. This CVE may be rejected as per:
CVE-2015-6666 was rejected, removing alias.
kernel-4.1.7-100.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.