oss-sec mailing list archives

Re: Re: CVE Request: More perf security fixes

From: Petr Matousek <pmatouse () redhat com>
Date: Wed, 5 Jun 2013 15:51:56 +0200

On Tue, Jun 04, 2013 at 10:59:33AM -0700, Andi Kleen wrote:

3. Information leak (??) via perf LBR filter


Leak + crash actually.


https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e15eb3ba6c0249c9e8c783517d131b47db995ca

commit 6e15eb3ba6c0249c9e8c783517d131b47db995ca
Author: Peter Zijlstra <a.p.zijlstra () chello nl>
Date:   Fri May 3 14:11:24 2013 +0200

    perf/x86/intel/lbr: Fix LBR filter
    
    The LBR 'from' adddress is under full userspace control; ensure
    we validate it before reading from it.


This patch is known broken and causes additional crashes.
There's no updated patch for that so far.

-Andi


-- 
Petr Matousek / Red Hat Security Response Team

Current thread:

CVE Request: More perf security fixes Marcus Meissner (Jun 04)
- Re: CVE Request: More perf security fixes Andi Kleen (Jun 04)
  - Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
    - Re: Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
    - Re: CVE Request: More perf security fixes Andi Kleen (Jun 05)
  - Re: Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
  - Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
    - Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
    - Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
    - Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
    - Re: CVE Request: More perf security fixes Stephane Eranian (Jun 05)
    - Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
    - Re: CVE Request: More perf security fixes Stephane Eranian (Jun 06)
    - Re: CVE Request: More perf security fixes Petr Matousek (Jun 06)
    - Re: CVE Request: More perf security fixes Stephane Eranian (Jun 06)

(Thread continues...)