A Linux kernel built with the Supervisor Mode Access Prevention (CONFIG_X86_SMAP) and the IA32 Emulation (CONFIG_IA32_EMULATION) support is vulnerable to a partial SMAP protection bypass issue. It occurs because the 'AC' processor flag, which controls kernel mode access to user-space memory pages, is not cleared when invoking IA32 system calls on 64-bit machines.

A process/user could potentially use this issue to various malicious ends. Note: a user would still need a vulnerability which can be leveraged to exploit the missing SMAP protection.

Upstream patch:
---------------
  -> https://git.kernel.org/linus/3d44d51bd339766f0178f0cf2e8d048b4a4872aa

Reference:
----------
  -> http://seclists.org/oss-sec/2016/q1/446
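A check for the two build options and the CPU feature named in the report above, added here as an example (it is not part of the bug report or of any Red Hat tooling). The function names and the sample data are constructed for illustration; `nosmap` is the kernel boot parameter that disables SMAP.

```sh
#!/bin/sh
# Added example: precondition check for the issue described above.
# All inputs are file paths so it can run on saved copies of a host's data.

# has_config FILE OPTION: true if OPTION=y appears in kernel config FILE.
has_config() { grep -q "^$2=y\$" "$1"; }

# cpu_has_smap CPUINFO: true if the first "flags" line lists "smap".
cpu_has_smap() {
    grep '^flags' "$1" | head -n 1 | tr ' \t' '\n\n' | grep -x 'smap' >/dev/null
}

# booted_nosmap CMDLINE: true if the kernel was booted with "nosmap".
booted_nosmap() { tr ' ' '\n' < "$1" | grep -x 'nosmap' >/dev/null; }

# smap_ia32_scope CONFIG CPUINFO CMDLINE
# Prints: not-built-smap | not-built-ia32 | smap-inactive | in-scope
# "in-scope" means only that the build and CPU match the report; whether the
# upstream fix is present depends on the installed kernel version.
smap_ia32_scope() {
    if ! has_config "$1" CONFIG_X86_SMAP; then echo not-built-smap
    elif ! has_config "$1" CONFIG_IA32_EMULATION; then echo not-built-ia32
    elif ! cpu_has_smap "$2" || booted_nosmap "$3"; then echo smap-inactive
    else echo in-scope
    fi
}

# Constructed sample data (not taken from a real host).
d=$(mktemp -d)
printf 'CONFIG_X86_SMAP=y\nCONFIG_IA32_EMULATION=y\n' > "$d/config"
printf 'processor\t: 0\nflags\t\t: fpu vme smep smap erms\n' > "$d/cpuinfo"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet\n' > "$d/cmdline"
smap_ia32_scope "$d/config" "$d/cpuinfo" "$d/cmdline"   # in-scope

# On a live system the usual inputs would be (paths are assumptions):
#   smap_ia32_scope "/boot/config-$(uname -r)" /proc/cpuinfo /proc/cmdline
```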
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1314255]
Statement: This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. This issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
kernel-4.4.4-301.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
kernel-4.4.4-200.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.