system/easy-kernel*: multiple vulnerabilities
Bugzilla ID | 130 |
Alias(es) | CVE-2019-1125, CVE-2019-13272, CVE-2019-13631, CVE-2019-13648, CVE-2019-14283, CVE-2019-14284, CVE-2019-3900 |
Reporter | Max Rees (sroracle) |
Assignee | A. Wilcox (awilfox) |
Reported | 2019-07-30 05:28:20 -0500 |
Modified | 2019-09-02 18:52:54 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-BETA3 |
Hardware | Adélie Linux / All |
Importance | --- / major |
See also | https://bts.adelielinux.org/show_bug.cgi?id=180 |
Description
In the Linux kernel through 5.2.1 on the powerpc platform, when
hardware transactional memory is disabled, a local user can cause a
denial of service (TM Bad Thing exception and system crash) via a
sigreturn() system call that sends a crafted signal frame. This
affects arch/powerpc/kernel/signal_32.c and
arch/powerpc/kernel/signal_64.c.
More info:
https://www.openwall.com/lists/oss-security/2019/07/30/1