blob: 8b93a3478957cfd0ee2827726e72b6d5dcd0bc4d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Description: Kernel memory protection bypass on s390
References:
Notes:
bwh> Martin Schwidefsky says this was introduced by commit fa968ee215c0
bwh> ("s390/signal: set correct address space control"). It added the
bwh> ASC (Address Space Control) processor status bits to those that
bwh> must be restored on return from signals, but as a result they can
bwh> also be set arbitrarily by ptrace. This opens a vulnerability if
bwh> the kernel parameter user_mode=primary is used. Commit e258d719ff28
bwh> ("s390/uaccess: always run the kernel in home space") made that
bwh> the default (I think).
Bugs:
upstream: released (3.16-rc7) [dab6cf55f81a6e16b8147aed9a843e1691dcd318]
2.6.32-upstream-stable: N/A ("vulnerable code not present")
sid: released (3.14.13-2) [bugfix/s390/s390-ptrace-fix-PSW-mask-check.patch]
3.2-wheezy-security: released (3.2.60-1+deb7u3) [bugfix/s390/s390-ptrace-fix-PSW-mask-check.patch]
2.6.32-squeeze-security: N/A ("vulnerable code not present")
3.2-upstream-stable: released (3.2.62) [s390-ptrace-fix-PSW-mask-check.patch]
|
