** Description changed: - Access to /dev/cpu/*/msr was protected only using filesystem checks. A - local uid 0 (root) user with all capabilities dropped could use this - flaw to execute arbitrary code in kernel mode. + The msr_open function in arch/x86/kernel/msr.c in the Linux kernel + before 3.7.6 allows local users to bypass intended capability + restrictions by executing a crafted application as root, as demonstrated + by msr32.c. Break-Fix: - c903f0456bc69176912dee6dd25c6a66ee1aed00
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1123049 Title: CVE-2013-0268 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1123049/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
