Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261741AbVB1V1S (ORCPT ); Mon, 28 Feb 2005 16:27:18 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261748AbVB1V1S (ORCPT ); Mon, 28 Feb 2005 16:27:18 -0500 Received: from wproxy.gmail.com ([64.233.184.196]:10469 "EHLO wproxy.gmail.com") by vger.kernel.org with ESMTP id S261741AbVB1V1N (ORCPT ); Mon, 28 Feb 2005 16:27:13 -0500 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding; b=KHmzUy2DDzNin9SmJ8OrVnkS6xoTsQMe/TYjyKg9l0u7GYmJGdDT5S5OtbQtOHYSslHC3rHsD3vELqRL4bcmq4+zjnuewmPiQC4z8uYXlzFk3XLJgrMAqP5SxFQZNOHyCSFYpjYh8PoX4Ek0vjphKD2d5m55TZIT4Yuqkdb0+fs= Message-ID: <70fda32050228132743998647@mail.gmail.com> Date: Mon, 28 Feb 2005 15:27:13 -0600 From: micah milano Reply-To: micah milano To: linux-kernel@vger.kernel.org Subject: [CAN-2005-0204]: AMD64, allows local users to write to privileged IO ports via OUTS instruction Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1511 Lines: 40 Hello, CAN-2005-0204 reads: Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allows local users to write to privileged IO ports via the OUTS instruction. Although this says "before 2.6.9" this *includes* 2.6.8 (and 2.4.29) as well as 2.6.9 and apparantly it includes 2.6.10 and soon to be released 2.6.11 based on my browsing through the changelogs and not seeing a mention of this, or that particular file being changed. I do see that the particular function where this is located has changed slightly, the patch still seems applicable. Kernel 2.4.29 appears to have a similar vulnerability, although this patch would not apply cleanly to that tree, but looks relatively trivial to modify appropriately. Apparantly this hole has not migrated upstream somehow and so I am posting this message to find out where its at. REDHAT:RHSA-2005:092 URL:http://www.redhat.com/support/errata/RHSA-2005-092.html The RedHat bug associated with this is located at: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148855 A patch to fix the problem is located here (also linked to the RedHat bug): https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=110424&action=view This apparantly only affects AMD64 and EM64T. Thanks, micah - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/