** Description changed: - While working on KernelThreadSanitizer (KTSAN), a data race detector for - kernels, Dmitry Vyukov found a data race that can trick the kernel into - using unitialized memory. - This can at least give access to arbitrary - SysV shared memory and Dmitry developed a proof of concept exploit for - this. (On many systems, this can be used to escalate privileges). - - While we didn't investigate this deeply, it is almost certain that this - vulnerability can be used to gain arbitrary code execution in the + While working on KernelThreadSanitizer (KTSAN), a data race detector + for kernels, Dmitry Vyukov found a data race that can trick the kernel + into using uninitialized memory. + - This can at least give access to arbitrary SysV shared memory and + Dmitry developed a proof of concept exploit for this. (On many + systems, this can be used to escalate privileges). + - While we didn't investigate this deeply, it is almost certain that + this vulnerability can be used to gain arbitrary code execution in the kernel. Exercise left to the reader. Break-Fix: - b9a532277938798b53178d5a66af6e2915cb27cf
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1502032 Title: CVE-2015-7613 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1502032/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
