480358 – (CVE-2013-4220) Kernel : arm64: unhandled el0 traps (CVE-2013-4220)

Bug 480358 (CVE-2013-4220) - Kernel : arm64: unhandled el0 traps (CVE-2013-4220)

Summary: Kernel : arm64: unhandled el0 traps (CVE-2013-4220)

Status:	RESOLVED FIXED

Alias:	CVE-2013-4220

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Kernel Security

URL:	http://www.openwall.com/lists/oss-sec...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2013-08-09 12:38 UTC by Agostino Sarubbo
Modified:	2022-03-25 15:31 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2013-08-09 12:38:00 UTC

From ${URL} :

Linux kernel built for the ARM64(CONFIG_ARM64) platform is vulnerable to a 
crash when the processor generates trap/esr, that is not handled gracefully, 
which leads to bad_mode(), wherein it'll die() or oops().

A user/program could use this flaw to crash the kernel resulting in DoS.

Upstream fixes:
===============
  -> https://git.kernel.org/linus/381cc2b9705512ee7c7f1839cbdde374625a2a9f
  -> https://git.kernel.org/linus/9955ac47f4ba1c95ecb6092aeaefb40a22e99268

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2013-08-30 01:07:23 UTC

CVE-2013-4220 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4220):
  The bad_mode function in arch/arm64/kernel/traps.c in the Linux kernel
  before 3.9.5 on the ARM64 platform allows local users to cause a denial of
  service (system crash) via vectors involving an attempted register access
  that triggers an unexpected value in the Exception Syndrome Register (ESR).

Comment 2 John Helmert III archtester

2022-03-25 15:31:17 UTC

Fixes in 3.9.5 onwards