| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 May 2024 16:54:33 +0200
From: Vegard Nossum <vegard.nossum@...cle.com>
To: Nikolay Borisov <nik.borisov@...e.com>, cve@...nel.org,
linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
Subject: Re: CVE-2024-35876: x86/mce: Make sure to grab mce_sysfs_mutex in
set_bank()
On 23/05/2024 15:58, Nikolay Borisov wrote:
> On 23.05.24 г. 16:54 ч., Vegard Nossum wrote:
>> On 23/05/2024 12:24, Nikolay Borisov wrote:
>>> I'd like to dispute the CVE for this issue. Those sysfs entries are
>>> owned by root and can only be written by it. There are innumerable
>>> ways in which root can corrupt/crash the state of the machine and I
>>> don't see why this is anything special.
>>
>> I haven't looked at the issue in detail but it sounds like this
>> potentially breaks lockdown (which is arguably a security feature) so
>
> How exactly does it break lockdown ?
Well, I don't have an exploit and it looks difficult as there isn't any
user-provided input involved.
But generally lockdown prevents anybody (including root) from inspecting
and modifying the running kernel. So if this bug would allow that, then
it breaks lockdown.
Glancing over the code it doesn't look like a use-after-free, just some
unspecified concurrent access. I can't tell if it's exploitable. I'm
just remarking that "requires root access" is not by itself a reason to
reject the CVE.
Vegard
Powered by blists - more mailing lists