Bug 154307 - Kernel: Local DoS due to EFLAGS leakage (CVE-2006-5173)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://git.kernel.org/?p=linux/kernel...
Whiteboard: [linux <2.6.16.38] [linux >=2.6.17 <2...
Keywords:
Depends on: 157584
Blocks: 151764
Reported: 2006-11-06 22:06 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2009-07-11 14:48 UTC
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-11-06 22:06:27 UTC
Not sure if this is already fixed/or we are affected.

  Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignment Check flag (EFLAGS 0x40000), which triggers a SIGBUS in other processes that have an unaligned access.
Comment 1 Harlan Lieberman-Berg (RETIRED) gentoo-dev 2006-11-08 20:27:22 UTC
Following are vulnerable (note: x86 only):

gentoo-sources: Stabilize 2.6.18
hardened-sources: Bump to 2.6.18 or patch
rsbac-sources: Bump to 2.6.18 or patch
suspend2-sources: Stabilize 2.6.18

openmosix-sources: Hardmasked, so we will not wait for you before closing. Bump to 2.6.18 or patch.
xen-sources: Bump to 2.6.18 or patch
xbox-sources: Bump to 2.6.18 or patch
Comment 2 Guillaume Destuynder (RETIRED) gentoo-dev 2006-11-09 06:48:07 UTC
rsbac-sources bumped to 2.6.18 in ~
Comment 3 Daniel Drake (RETIRED) gentoo-dev 2006-11-09 07:05:42 UTC
Harlan, you should post the patch here as making such a jump in the stable tree is not possible for most maintainers. That said, gentoo-sources-2.6.18 is going stable right now so the timing worked out OK here...
Comment 4 Harlan Lieberman-Berg (RETIRED) gentoo-dev 2006-11-09 15:36:23 UTC
http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=47a5c6fa0e204a2b63309c648bb2fde36836c826

The patches are both located there. If you so wish, I can extract the patches and make an attachment. Just say the word if you want it. :)
Comment 5 Christian Heim (RETIRED) gentoo-dev 2006-11-10 05:45:47 UTC
(In reply to comment #4)
> http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=47a5c6fa0e204a2b63309c648bb2fde36836c826
> 
> The patches are both located there. If you so wish, I can extract the patches
> and make an attachment. Just say the word if you want it. :)
> 

Nah, that ain't necessary .. gitweb is pretty nice for such things .. just attach the link to the plain commitdiff :)

http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff_plain;h=47a5c6fa0e204a2b63309c648bb2fde36836c826;hp=1d19f176a2884d31c4fe2c7018349ff884a819b1
Comment 6 Daniel Drake (RETIRED) gentoo-dev 2006-11-10 07:26:26 UTC
gitweb is often down or unusably slow, plus you need to check if it applies to 2.6.17 and maybe rediff. Attaching to the bug is best, IMO.
Comment 7 Andrew Ross (RETIRED) gentoo-dev 2006-12-05 01:07:58 UTC
Note that this patch doesn't apply to 2.6.16 and I don't have the skills to backport it.

xen-sources will be bumped to 2.6.18 in the very near future to address this and other security issues. Hopefully, we can also use genpatches to make things easier in the future.
Comment 8 Daniel Drake (RETIRED) gentoo-dev 2006-12-08 18:39:01 UTC
All done except xen
Comment 9 Christian Heim (RETIRED) gentoo-dev 2006-12-09 02:16:34 UTC
suspend2-sources is still sitting and waiting, sorry.
Comment 10 Christian Heim (RETIRED) gentoo-dev 2006-12-31 05:03:05 UTC
(In reply to comment #9)
> suspend2-sources is still sitting and waiting, sorry.

suspend2 is stable as of 19. Dec. 2006
Comment 11 Harlan Lieberman-Berg (RETIRED) gentoo-dev 2007-02-13 16:17:54 UTC
ping for inaction. I will start hardmasking things guys...
Comment 12 Micheal Marineau (RETIRED) gentoo-dev 2007-05-02 17:19:05 UTC
I've finally committed Xen 3.0.4 with xen-sources-2.6.16.49. This issue was fixed in 2.6.16.38 so we should be good now. :-)

Resolving since xen was the last one to be fixed.