oss-sec mailing list archives
CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation
From: Petr Matousek <pmatouse () redhat com>
Date: Thu, 7 Feb 2013 11:55:19 +0100
Access to /dev/cpu/*/msr was protected only using filesystem checks. A local uid 0 (root) user with all capabilities dropped could use this flaw to execute arbitrary code in kernel mode. Upstream commit: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=c903f0456bc69176912dee6dd25c6a66ee1aed00 References: https://bugzilla.redhat.com/show_bug.cgi?id=908693 http://grsecurity.net/~spender/msr32.c Thanks, -- Petr Matousek / Red Hat Security Response Team
Current thread:
- CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation Petr Matousek (Feb 07)
- Re: CVE request -- Linux kernel: x86/msr: /dev/cpu/*/msr local privilege escalation Kurt Seifried (Feb 07)