Red Hat Bugzilla – Bug 154451
CAN-2005-1762 x86_64 sysret exception leads to DoS
Last modified: 2007-11-30 17:07:17 EST
Created attachment 113012 [details]
fix for sysret fault case
This fixes the case with that bad failure mode and DoS potential.
This patch works against 2.6.12rc2 and against RHEL4 (6.38).
Created attachment 113013 [details]
fix for iret fault cases
This fixes the iret cases, and handles both a native 64-bit sigreturn case and
the cases with 32-bit processes that bug 154221 deals with. These cases all
have a fairly harmless failure mode (some console spew and a confusing user
result), so buggy but not exploitable.
I originally labelled this issue as CAN-2005-0756 however that was in error due
to two similar ptrace check issues. The following is as reported to vendor-sec:
Fixing rip -> CAN-2005-1762
Fixing fs_base and gs_base -> CAN-2005-0756
[PATCH] x86_64: check if ptrace RIP is canonical
This works around an AMD Erratum.
This is a DoS on 2.4 and 2.6
*** Bug 159916 has been marked as a duplicate of this bug. ***
This is in linux-2.6.9-CAN-2005-0756-x86_64-ptrace-canonical-addr.patch in -11.34.EL
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.