Public bug reported:
Kees Cook is requesting the following be enabled for our Raspi2/3
enabled kernel:
config CPU_SW_DOMAIN_PAN
	bool "Enable use of CPU domains to implement privileged no-access"
	depends on MMU && !ARM_LPAE
	default y
	help
	  Increase kernel security by ensuring that normal kernel accesses
	  are unable to access userspace addresses. This can help prevent
	  use-after-free bugs becoming an exploitable privilege escalation
	  by ensuring that magic values (such as LIST_POISON) will always
	  fault when dereferenced.

	  CPUs with low-vector mappings use a best-efforts implementation.
	  Their lower 1MB needs to remain accessible for the vectors, but
	  the remainder of userspace will become appropriately inaccessible.

** Affects: linux-raspi2 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-raspi2 (Ubuntu Xenial)
Importance: Undecided
Status: New
** Affects: linux-raspi2 (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Affects: linux-raspi2 (Ubuntu Zesty)
Importance: Undecided
Status: New
** Also affects: linux-raspi2 (Ubuntu Yakkety)
Importance: Undecided
Status: New
** Also affects: linux-raspi2 (Ubuntu Zesty)
Importance: Undecided
Status: New
** Also affects: linux-raspi2 (Ubuntu Xenial)
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/1683505
Title:
enable CONFIG_CPU_SW_DOMAIN_PAN for raspi2/raspi3
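
An added example (not part of the bug report or of Ubuntu's tooling): a shell check that reports whether a kernel config enables CONFIG_CPU_SW_DOMAIN_PAN and, if not, whether the `depends on MMU && !ARM_LPAE` line quoted in the report rules it out. The function names and the sample config files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel config file for CONFIG_CPU_SW_DOMAIN_PAN.
# Dependency logic comes from the Kconfig entry quoted in the report:
#   depends on MMU && !ARM_LPAE

# cfg_is_y FILE SYMBOL -> succeeds if CONFIG_SYMBOL=y appears in FILE
cfg_is_y() {
    grep -q "^CONFIG_$2=y\$" "$1"
}

# check_sw_pan FILE -> prints one verdict line; status 0 only if enabled,
# 1 if not enabled, 2 if the file cannot be read
check_sw_pan() {
    cfg=$1
    [ -r "$cfg" ] || { echo "error: cannot read $cfg"; return 2; }
    if cfg_is_y "$cfg" CPU_SW_DOMAIN_PAN; then
        echo "enabled"; return 0
    fi
    if ! cfg_is_y "$cfg" MMU; then
        echo "unavailable: CONFIG_MMU is not set"; return 1
    fi
    if cfg_is_y "$cfg" ARM_LPAE; then
        echo "unavailable: CONFIG_ARM_LPAE=y excludes it"; return 1
    fi
    echo "disabled: dependencies met, option not set"; return 1
}

# Constructed sample configs (not taken from any real Ubuntu kernel).
demo_dir=$(mktemp -d)
printf 'CONFIG_MMU=y\n# CONFIG_ARM_LPAE is not set\nCONFIG_CPU_SW_DOMAIN_PAN=y\n' \
    > "$demo_dir/on"
printf 'CONFIG_MMU=y\n# CONFIG_ARM_LPAE is not set\n# CONFIG_CPU_SW_DOMAIN_PAN is not set\n' \
    > "$demo_dir/off"
printf 'CONFIG_MMU=y\nCONFIG_ARM_LPAE=y\n' > "$demo_dir/lpae"

for f in on off lpae; do
    printf '%s: %s\n' "$f" "$(check_sw_pan "$demo_dir/$f")"
done
```

On an installed system, pass the running kernel's config file, for example `/boot/config-$(uname -r)`, as the argument to `check_sw_pan`.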