First Last Prev Next    This bug is not in your last search results.
Bug 858638 - (CVE-2014-1438) VUL-0: CVE-2014-1438: kernel: missing CPU-state sanitation during task-switch causes DOS / privilege escalation
(CVE-2014-1438)
VUL-0: CVE-2014-1438: kernel: missing CPU-state sanitation during task-switc...
Status: VERIFIED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Borislav Petkov
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-01-14 09:25 UTC by Sebastian Krahmer
Modified: 2015-02-19 09:48 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Borislav Petkov 2014-01-14 10:25:31 UTC 
Damn, this is propagating fast - we just fixed it last week. Ok, I'll take care of it.
Comment 2 Swamp Workflow Management 2014-01-14 23:00:17 UTC 
bugbot adjusting priority
Comment 3 Borislav Petkov 2014-01-20 21:18:35 UTC 
Ok, I did some load stressing on the default SLE11-SP3 kernel in GM
(3.0.76-0.11.1) along with running the reproducer

http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/FpuStateTaskSwitchShmemXattrHandlersOverwriteWithNullPage.c

in a tight loop for 3+ hours now and I couldn't reproduce. If I'd have
to guess, this is because 3.0 still has the old FPU save/restore code
which doesn't leave a window for FPU exceptions, see the FNCLEX at the
end of fpu_save_init() (we do this differently in later kernels, after
the lazy save/restore rewrite).

In any case, I'd consider SLE11 unaffected unless someone proves me
otherwise and will concentrate my efforts on later kernels.
Comment 5 Borislav Petkov 2014-02-17 16:04:32 UTC 
SLE12: has it.
oS12.3: applied.
oS13.1: applied.

Closing.
Comment 6 Swamp Workflow Management 2014-05-19 12:06:45 UTC 
openSUSE-SU-2014:0677-1: An update that solves 16 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 733022,811746,833968,837111,851426,852652,852967,858233,858638,858869,858870,858872,860835,862145,863335,864025,866102,868653,869414,869898,871148,871252,871325,873717,875690,875798
CVE References: CVE-2013-4254,CVE-2013-4579,CVE-2013-6885,CVE-2014-0101,CVE-2014-0196,CVE-2014-0691,CVE-2014-1438,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1690,CVE-2014-1737,CVE-2014-1738,CVE-2014-1874,CVE-2014-2523,CVE-2014-2672
Sources used:
openSUSE 12.3 (src):    kernel-docs-3.7.10-1.32.2, kernel-source-3.7.10-1.32.1, kernel-syms-3.7.10-1.32.1
Comment 7 Swamp Workflow Management 2014-05-19 12:14:46 UTC 
openSUSE-SU-2014:0678-1: An update that solves 17 vulnerabilities and has 23 fixes is now available.

Category: security (important)
Bug References: 639379,812592,81660,821619,833968,842553,849334,851244,851426,852656,852967,853350,856760,857643,858638,858872,859342,860502,860835,861750,862746,863235,863335,864025,864867,865075,866075,866102,867718,868653,869414,871148,871160,871252,871325,875440,875690,875798,876531,876699
CVE References: CVE-2013-4579,CVE-2013-6885,CVE-2013-7263,CVE-2013-7264,CVE-2013-7265,CVE-2013-7281,CVE-2014-0069,CVE-2014-0101,CVE-2014-0196,CVE-2014-1438,CVE-2014-1446,CVE-2014-1690,CVE-2014-1737,CVE-2014-1738,CVE-2014-1874,CVE-2014-2523,CVE-2014-2672
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.7.1, crash-7.0.2-2.7.1, hdjmod-1.28-16.7.1, ipset-6.19-2.7.1, iscsitarget-1.4.20.3-13.7.1, kernel-docs-3.11.10-11.3, kernel-source-3.11.10-11.1, kernel-syms-3.11.10-11.1, ndiswrapper-1.58-7.1, openvswitch-1.11.0-0.25.1, pcfclock-0.44-258.7.1, virtualbox-4.2.18-2.12.1, xen-4.3.2_01-15.1, xtables-addons-2.3-2.7.1
First Last Prev Next    This bug is not in your last search results.