We have moved to a new Sailfish OS Forum. Please start new discussions there.
5

Fix race in swevent hash in kernel-perf CVE-2015-8963 [released]

Tracked by Jolla (In release)

asked 2017-05-11 15:47:24 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-05-11 15:47:24 +0300

lpr gravatar image

Description
Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. high (attack range: remote) CVSS v3 Base Score:7.0 High

Upstream-Patch is available.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/kernel/events/core.c lines 4905-4911; 5155-5165; 5234-5239; 7183-7188; 7237-7249

edit retag flag offensive reopen delete

The question has been closed for the following reason "released in a software update" by lpr
close date 2017-07-24 21:11:18.297006

Comments

released in 2.1.1.23 / jämsänjoki

lpr ( 2017-07-24 21:11:07 +0300 )edit

1 Answer

Sort by » oldest newest most voted
-1

answered 2017-05-15 08:32:21 +0300

juiceme gravatar image

I have to say you are really far out there, sorry!

This CVE relates to a hotplug CPU initialization, it is a condition that might arise when CPU's are added or removed in a live system, either baremetal or virtualized. Basically this is high-end cluster stuff...

Pray tell me how are you going to add CPU cores in your Jolla device when it is running? Or even when the bloody box is switched off????

edit flag offensive delete publish link more

Comments

2

I'm that far out there that google patched it's affected nexus, nexus player and pixel devices, i guess this are high-performance-cluster-devices in your definition...
Android seems to use cpu-hotplug-mechanism for power-saving of cpu-cores, so you are just wrong (every Jolla device has >= 2 cores)
Only reason this is not marked critical but high is that you need to compromise a privileged process, but there are a lot of 'elevation of privileges'-class of vulnerabilities out there...

lpr ( 2017-05-15 10:19:43 +0300 )edit
1

I stand corrected :)

I have to admit my ignorance on the aforementioned fact; to my knowledge CPU hotplug wasn't used as powersaving feature in SFOS.

( just proves a point; one cannot know everything)

juiceme ( 2017-05-15 13:22:59 +0300 )edit
1

hm, just look at "wannacry"... even windows users that do not actually "use" smb in their local network are affected

lpr ( 2017-05-15 13:32:07 +0300 )edit

Question tools

Follow
1 follower

subscribe to rss feed

Stats

Asked: 2017-05-11 15:47:24 +0300

Seen: 225 times

Last updated: May 15 '17

Related questions

[security] sailfish is not affected by "vDirect Mobile / OMA-DM" vulnerability. [answered]

VPN client [released]

Word prediction should be always turned off when entering passwords in Android apps [released]

Password manager for Sailfish [answered]

Android VKB saves and suggests passwords in plaintext

[Feature-request] Track & protect my Jolla

Keychain linked to TOH

Cloud backup should be encrypted

Guest account for demonstration [answered]

SSH Host Key fingerprint & regeneration

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49