** Description changed: - While working on KernelThreadSanitizer (KTSAN), a data race detector - for kernels, Dmitry Vyukov found a data race that can trick the kernel - into using uninitialized memory. - - This can at least give access to arbitrary SysV shared memory and - Dmitry developed a proof of concept exploit for this. (On many - systems, this can be used to escalate privileges). - - While we didn't investigate this deeply, it is almost certain that - this vulnerability can be used to gain arbitrary code execution in the + While working on KernelThreadSanitizer (KTSAN), a data race detector for + kernels, Dmitry Vyukov found a data race that can trick the kernel into + using unitialized memory. - This can at least give access to arbitrary + SysV shared memory and Dmitry developed a proof of concept exploit for + this. (On many systems, this can be used to escalate privileges). - + While we didn't investigate this deeply, it is almost certain that this + vulnerability can be used to gain arbitrary code execution in the kernel. Exercise left to the reader. Break-Fix: - b9a532277938798b53178d5a66af6e2915cb27cf
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1502032 Title: CVE-2015-7613 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1502032/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
