diff options
author | Andi Kleen <ak@suse.de> | 2006-04-12 08:19:29 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2006-04-12 13:06:54 -0700 |
commit | 6b12095a4a0e1f21bbf83f95f13299ca99d758fe (patch) | |
tree | 5d2a3d96f7b99a3a225c0f7a110c6631848524b0 /drivers/mtd/mtdchar.c | |
parent | 59b2832a31ae2f3279bb5b16ae9b1c4e38e40dea (diff) |
[PATCH] x86_64: When user could have changed RIP always force IRET (CVE-2006-0744)
Intel EM64T CPUs handle uncanonical return addresses differently from
AMD CPUs.
The exception is reported in the SYSRET, not the next instruction.
Thgis leads to the kernel exception handler running on the user stack
with the wrong GS because the kernel didn't expect exceptions on this
instruction.
This version of the patch has the teething problems that plagued an
earlier version fixed.
This is CVE-2006-0744
Thanks to Ernie Petrides and Asit B. Mallick for analysis and initial
patches.
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers/mtd/mtdchar.c')
0 files changed, 0 insertions, 0 deletions