oss-sec mailing list archives
Re: CVE Request: More perf security fixes
From: Andi Kleen <ak () linux jf intel com>
Date: Tue, 4 Jun 2013 10:59:33 -0700
3. Information leak (??) via perf LBR filter
Leak + crash actually.
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e15eb3ba6c0249c9e8c783517d131b47db995ca commit 6e15eb3ba6c0249c9e8c783517d131b47db995ca Author: Peter Zijlstra <a.p.zijlstra () chello nl> Date: Fri May 3 14:11:24 2013 +0200 perf/x86/intel/lbr: Fix LBR filter The LBR 'from' adddress is under full userspace control; ensure we validate it before reading from it.
This patch is known broken and causes additional crashes. There's no updated patch for that so far. -Andi
Current thread:
- CVE Request: More perf security fixes Marcus Meissner (Jun 04)
- Re: CVE Request: More perf security fixes Andi Kleen (Jun 04)
- Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
- Re: Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Andi Kleen (Jun 05)
- Re: Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
- Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
- Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
- Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Stephane Eranian (Jun 05)
- Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
- Re: CVE Request: More perf security fixes Andi Kleen (Jun 04)