oss-sec mailing list archives
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038)
From: "PaX Team" <pageexec () freemail hu>
Date: Sat, 01 Feb 2014 03:45:14 +0100
On 1 Feb 2014 at 3:02, Solar Designer wrote:
Google is offering bounties for responsible disclosure of bugs in Google's software, and I guess this includes use of Linux kernel by Chromium OS.
exactly, and the same bugtracker is used for all chrom* products (somewhat confusingly btw, as there's no kernel category for example when one opens a bug ;).
(I don't know if this specific vulnerability was relevant to Google's products,
i was told that x32 wasn't enabled anywhere (yet, anyway) so they aren't affected.
http://googleonlinesecurity.blogspot.com/2013/10/going-beyond-vulnerability-rewards.html ... but finding a vulnerability would probably not fall under the latter program.
yes, that's a somewhat different kettle of fish though bugfixes may be eligible if it's about fixing or mitigating entire classes (not the case here obviously).
Current thread:
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038), (continued)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) rf (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Kurt Seifried (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) PaX Team (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Yves-Alexis Perez (Feb 01)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha (Feb 02)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Feb 02)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha (Feb 02)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Feb 02)