Date:   Sat, 11 Nov 2017 02:47:10 +0000
From:   Alan Cox <gnomes@...rguk.ukuu.org.uk>
To:     Patrick McLean <chutzpah@...too.org>
Cc:     linux-kernel@...r.kernel.org, linux-nfs@...r.kernel.org,
        stable@...r.kernel.org, regressions@...mhuis.info,
        torvalds@...ux-foundation.org
Subject: Re: [nfsd4] potentially hardware breaking regression in 4.14-rc and
 4.13.11

On Wed, 8 Nov 2017 16:43:17 -0800
Patrick McLean <chutzpah@...too.org> wrote:

> As of 4.13.11 (and also with 4.14-rc) we have an issue where when
> serving nfs4 sometimes we get the following BUG. When this bug happens,
> it usually also causes the motherboard to no longer POST until we
> externally re-flash the BIOS (using the BMC web interface). If a
> motherboard does not have an external way to flash the BIOS, this would
> brick the hardware.

If that is a production x86 system then you need to raise a large red
flag with the vendor because it should not even be possible to splat the
BIOS firmware on a modern PC by running even malicious OS code.

Not only that but if it has a flaw, and you bisect down to create a
reproducer then it's not going to take the bad guys very long to turn it
into an interesting toy to run if they ever exploit a box with that board.

Alan
