Re: CVE Request: Linux kernel: arm64: unhandled el0 traps

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/08/2013 06:02 PM, Greg KH wrote:
> On Thu, Aug 08, 2013 at 03:39:30PM +0530, P J P wrote:
> > Hi,
> >
> > Linux kernel built for the ARM64(CONFIG_ARM64) platform is 
> > vulnerable to a crash when the processor generates trap/esr, that
> > is not handled gracefully, which leads to bad_mode(), wherein
> > it'll die() or oops().
> >
> > A user/program could use this flaw to crash the kernel resulting
> > in DoS.
> >
> > Upstream fixes: =============== ->
> > https://git.kernel.org/linus/381cc2b9705512ee7c7f1839cbdde374625a2a9f
- -> https://git.kernel.org/linus/9955ac47f4ba1c95ecb6092aeaefb40a22e99268
> CVE requests for code that can only run on a processor that is not 
> shipping yet?  Isn't there a rule somewhere about CVEs not being
> allowed for stuff like this?
>
> thanks,
>
> greg k-h

Nope, they are shipping now. Not widely available, but a few more
months will fix that.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJSBERMAAoJEBYNRVNeJnmTxXsQANPLOTc262rGI6ql/qSnopKL
o9ykos218wh+XS1f1JTK38avZFzzv0jw7dkqXwD0pbYCj02XDz30nqv/Wr3HAZav
o+Rw4xUTQFldKcA3YBW51Os595RXIvEFHTT3BWPrz/h0S5DvEnUjJzMksk7GR3EH
p5J5SOHfxV/7kzzCMsY9dKEMoY5EWlUtJ0a9yQSLcJ4L2eh7rTHmXFm0JO+inaUo
liGQKi786GS9Fsvso/Ssey8Z9flcQLJQp+8v0OHemcvXA8gd/T5TL2zJZVcavYAI
sNFYzylRCKq1XkiEK1epllVv3+bgs4Gm7a2lnhQArMiZxtqwHdjA5jW0DAaaxrd+
QYAZKmzC2HyIYn6tcyXclK4gj8ueOuiEvcfF6FYex7XwdFC2CxIZFmPUlDk3M9Ng
FKKkfvxDMFKrUuHFSDWUmXApokBhCBO0//mW0F5mkKX9h1lfQfZjRnc2coH65ZMd
MDsTf2xGd89ONhEzWu+yFSHTvchFjMOaHTZ770qvcrboC+vfP/BM2ImIJ5bvjEr4
Ra5UVfApF6oQGTYk+lEkGPyqYR4mSX6DMLvJCWB+KsOsLRLQd9uHdTKTUWrbF0ye
bOCZhEbFq7dNWkyzy9MhOmPf3YVILxz9OM4qfKa9Ca+IsTWmWnZxfnrD6RZD98GD
EQnzfEWgCnei6aL/GdUi
=KqED
-----END PGP SIGNATURE-----