blob: 3f681ab93670cbfa8591b836c682a59bf14db0f3 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
Description: Privilege escalation by triggering nested NMI on x86_64
References: https://marc.info/?l=oss-security&m=143758877425647&w=2
Notes:
Seems to have been introduced by espfix64 in 3.16, but only in combination
with commit 3f3c8b8c4b2a ("x86: Add workaround to NMI iret woes", 3.3)
and commit e00b12e64be9 ("perf/x86: Further optimize copy_from_user_nmi()",
3.13). espfix64 was backported to 3.2 but the others weren't.
Bugs:
upstream: released (4.2-rc3) [9d05041679904b12c12421cbcf9cb5f4860a8d7b, 0e181bb58143cb4a2e8f01c281b0816cd0e4798e, 9b6e6a8334d56354853f9c255d1395c2ba570e0a]
3.16-upstream-stable: released (3.16.7-ckt16)
3.2-upstream-stable: N/A ("Vulnerable code not present")
2.6.32-upstream-stable: N/A ("Vulnerable code not present")
sid: released (4.0.8-2)
3.16-jessie-security: released (3.16.7-ckt11-1+deb8u2)
3.2-wheezy-security: N/A ("Vulnerable code not present")
2.6.32-squeeze-security: N/A ("Vulnerable code not present")
|
