Message-ID: <52BF4B9C.8090608@halfdog.net>
Date: Sat, 28 Dec 2013 22:07:24 +0000
From: halfdog <me@...fdog.net>
To: full-disclosure@...ts.grok.org.uk
Subject: vm86 syscall kernel-panic and some more goodies waiting to be analyzed

It seems that at least on 32-bit Debian-sid kernel in VirtualBox guest, [1] triggers a kernel-panic. This simple POC does not allow privilege escalation although there might be also some time-race component involved, sometimes similar code seems to access uninitialized memory or triggers NULL-dereferences. Therefore the simple POC code could be extended for more extensive testing. See [2] for more information.

hd

[1] http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/Virtual86SwitchToEmmsFault.c
[2] http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/

--
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee