system/easy-kernel*: multiple vulnerabilities
| Bugzilla ID | 130 |
| Alias(es) | CVE-2019-1125, CVE-2019-13272, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284, CVE-2019-3900 |
| Reporter | Max Rees (sroracle) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2019-07-30 05:28:20 -0500 |
| Modified | 2019-09-02 18:52:54 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-BETA3 |
| Hardware | Adélie Linux / All |
| Importance | --- / major |
| See also | https://bts.adelielinux.org/show_bug.cgi?id=180 |
Description
In the Linux kernel through 5.2.1 on the powerpc platform, when
hardware transactional memory is disabled, a local user can cause a
denial of service (TM Bad Thing exception and system crash) via a
sigreturn() system call that sends a crafted signal frame. This
affects arch/powerpc/kernel/signal_32.c and
arch/powerpc/kernel/signal_64.c.
More info:
https://www.openwall.com/lists/oss-security/2019/07/30/1