oss-sec mailing list archives
Re: Re: CVE Request: More perf security fixes
From: Petr Matousek <pmatouse () redhat com>
Date: Wed, 5 Jun 2013 15:51:56 +0200
On Tue, Jun 04, 2013 at 10:59:33AM -0700, Andi Kleen wrote:
3. Information leak (??) via perf LBR filterLeak + crash actually.https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e15eb3ba6c0249c9e8c783517d131b47db995ca commit 6e15eb3ba6c0249c9e8c783517d131b47db995ca Author: Peter Zijlstra <a.p.zijlstra () chello nl> Date: Fri May 3 14:11:24 2013 +0200 perf/x86/intel/lbr: Fix LBR filter The LBR 'from' adddress is under full userspace control; ensure we validate it before reading from it.This patch is known broken and causes additional crashes. There's no updated patch for that so far. -Andi
-- Petr Matousek / Red Hat Security Response Team
Current thread:
- CVE Request: More perf security fixes Marcus Meissner (Jun 04)
- Re: CVE Request: More perf security fixes Andi Kleen (Jun 04)
- Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
- Re: Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Andi Kleen (Jun 05)
- Re: Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
- Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
- Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
- Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Stephane Eranian (Jun 05)
- Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Stephane Eranian (Jun 06)
- Re: CVE Request: More perf security fixes Petr Matousek (Jun 06)
- Re: CVE Request: More perf security fixes Stephane Eranian (Jun 06)
- Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
- Re: CVE Request: More perf security fixes Andi Kleen (Jun 04)