Ask / Submit
5

Fix race in swevent hash in kernel-perf CVE-2015-8963

Tracked by Jolla (In progress)

asked 2017-05-11 15:47:24 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-05-11 15:47:24 +0300

lpr gravatar image

Description
Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. high (attack range: remote) CVSS v3 Base Score:7.0 High

Upstream-Patch is available.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/kernel/events/core.c lines 4905-4911; 5155-5165; 5234-5239; 7183-7188; 7237-7249

edit retag flag offensive close delete

1 Answer

Sort by » oldest newest most voted
-1

answered 2017-05-15 08:32:21 +0300

juiceme gravatar image

I have to say you are really far out there, sorry!

This CVE relates to a hotplug CPU initialization, it is a condition that might arise when CPU's are added or removed in a live system, either baremetal or virtualized. Basically this is high-end cluster stuff...

Pray tell me how are you going to add CPU cores in your Jolla device when it is running? Or even when the bloody box is switched off????

edit flag offensive delete publish link more

Comments

2

I'm that far out there that google patched it's affected nexus, nexus player and pixel devices, i guess this are high-performance-cluster-devices in your definition...
Android seems to use cpu-hotplug-mechanism for power-saving of cpu-cores, so you are just wrong (every Jolla device has >= 2 cores)
Only reason this is not marked critical but high is that you need to compromise a privileged process, but there are a lot of 'elevation of privileges'-class of vulnerabilities out there...

lpr ( 2017-05-15 10:19:43 +0300 )edit
1

I stand corrected :)

I have to admit my ignorance on the aforementioned fact; to my knowledge CPU hotplug wasn't used as powersaving feature in SFOS.

( just proves a point; one cannot know everything)

juiceme ( 2017-05-15 13:22:59 +0300 )edit
1

hm, just look at "wannacry"... even windows users that do not actually "use" smb in their local network are affected

lpr ( 2017-05-15 13:32:07 +0300 )edit
Login/Signup to Answer

Question tools

Follow
1 follower

Stats

Asked: 2017-05-11 15:47:24 +0300

Seen: 142 times

Last updated: May 15