Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:parisc: Revise gateway LWS calls to probe user read accessWe use load and stbys,e instructions to trigger memory referenceinterruptions without writing to memory. Because of the way readaccess support is implemented, read access interruptions are onlytriggered at privilege levels 2 and 3. The kernel and gatewaypage execute at privilege level 0, so this code never triggersa read access interruption. Thus, it is currently possible foruser code to execute a LWS compare and swap operation at anaddress that is read protected at privilege level 3 (PRIV_USER).Fix this by probing read access rights at privilege level 3 andbranching to lws_fault if access isn't allowed.
No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/w4zu/Debian_security