Ask / Submit

Fix race in swevent hash in kernel-perf CVE-2015-8963 [released]

Tracked by Jolla (In release)

asked 2017-05-11 15:47:24 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-05-11 15:47:24 +0200

lpr gravatar image

Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. high (attack range: remote) CVSS v3 Base Score:7.0 High

Upstream-Patch is available.

File affected: kernel-adaptation-sbj- lines 4905-4911; 5155-5165; 5234-5239; 7183-7188; 7237-7249

edit retag flag offensive reopen delete

The question has been closed for the following reason "released in a software update" by lpr
close date 2017-07-24 21:11:18.297006


released in / jämsänjoki

lpr ( 2017-07-24 21:11:07 +0200 )edit

1 Answer

Sort by » oldest newest most voted

answered 2017-05-15 08:32:21 +0200

juiceme gravatar image

I have to say you are really far out there, sorry!

This CVE relates to a hotplug CPU initialization, it is a condition that might arise when CPU's are added or removed in a live system, either baremetal or virtualized. Basically this is high-end cluster stuff...

Pray tell me how are you going to add CPU cores in your Jolla device when it is running? Or even when the bloody box is switched off????

edit flag offensive delete publish link more



I'm that far out there that google patched it's affected nexus, nexus player and pixel devices, i guess this are high-performance-cluster-devices in your definition...
Android seems to use cpu-hotplug-mechanism for power-saving of cpu-cores, so you are just wrong (every Jolla device has >= 2 cores)
Only reason this is not marked critical but high is that you need to compromise a privileged process, but there are a lot of 'elevation of privileges'-class of vulnerabilities out there...

lpr ( 2017-05-15 10:19:43 +0200 )edit

I stand corrected :)

I have to admit my ignorance on the aforementioned fact; to my knowledge CPU hotplug wasn't used as powersaving feature in SFOS.

( just proves a point; one cannot know everything)

juiceme ( 2017-05-15 13:22:59 +0200 )edit

hm, just look at "wannacry"... even windows users that do not actually "use" smb in their local network are affected

lpr ( 2017-05-15 13:32:07 +0200 )edit

Question tools

1 follower


Asked: 2017-05-11 15:47:24 +0200

Seen: 174 times

Last updated: May 15 '17