pending stable kernel security updates

Tim Gardner tcanonical at tpi.com
Tue Jun 24 14:45:38 UTC 2008


Kees Cook wrote:
> Hello!  I've got more pending kernel updates waiting in the
> ubuntu-security git trees now:
> 
>                      dapper          feisty           gutsy           hardy
> CVE-2007-6282:      pending         pending         pending         pending
> CVE-2008-1615:       needed          needed          needed          needed
> CVE-2008-1673:      pending         pending         pending         pending
> CVE-2008-2136:      pending         pending         pending         pending
> CVE-2008-2137:      pending         pending         pending         pending
> CVE-2008-2148:          N/A             N/A         pending         pending
> CVE-2008-2358:          N/A         pending         pending         pending
> CVE-2008-2750:          N/A             N/A             N/A         pending
> 
> I need help with CVE-2008-1615: the code has changed a lot between
> revisions, has been touched by the virt bits, and is pretty non-obvious
> to me.
> 
> I'd like to publish as soon as possible after 8.04.1 is released.  To
> that end, can someone start build and boot testing?  None of the patches
> looked like ABI bumpers.
> 
> Thanks,
> 
> -Kees
> 

Kees - As far as I can tell CVE-2008-1615 does not apply to
Dapper/Feisty/Gutsy/Hardy. See

https://bugzilla.redhat.com/show_bug.cgi?id=431430

The issue was introduced with commit
72fe4858544292ad64600765cb78bc02298c6b1c which was during the 2.6.25
merge window. The key is that the definition of 'iret_label' was
changed, i.e., it lost its alignment statement:

-       .quad iret_label,bad_iret
+       .quad native_iret, bad_iret
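
Review bot: `iret_label` still has a user after this change: the `+` line repoints the table entry to `native_iret`, while the `leaq iret_label(%rip),%rbp` quoted later in this message keeps the old label. Convert the remaining references in the same patch, or keep `iret_label` defined exactly as it was, so that both sites agree on the label they mean. Minor: the `+` line adds a space after the comma that the `-` line did not have.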

Yet the interrupt return code later on continued to use 'iret_label'
which is now unaligned (a bad thing):

leaq iret_label(%rip),%rbp

You can also read Roland McGrath's somewhat caustic commit log entry in
a57dae3aa4d00a000b5bac4238025438204c78b2 if you are in need of some humor.

rtg
-- 
Tim Gardner tim.gardner at ubuntu.com



