Package: kernel-source-2.6.8 Version: 2.6.8-13 Severity: normal Tags: security patch
Hello, CAN-2005-0204 reads: Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allows local users to write to privileged IO ports via the OUTS instruction. Although this says "before 2.6.9" this *includes* both 2.6.8 and 2.6.9. REDHAT:RHSA-2005:092 URL:http://www.redhat.com/support/errata/RHSA-2005-092.html The RedHat bug associated with this is located at: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148855 A patch to fix the problem is attached to this bugreport, it is located here (also linked to the RedHat bug): https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=110424&action=view This apparantly only affects AMD64 and EM64T, and applies to 2.6.8 as well as 2.6.9. Kernel 2.4.27 appears to have a similar vulnerability, although this patch would not apply cleanly to that tree, but looks relatively trivial to modify appropriately. Please include this CAN number in changelog entries about this problem. Thanks, Micah -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (990, 'testing'), (300, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.10 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages kernel-source-2.6.8 depends on: ii binutils 2.15-5 The GNU assembler, linker and bina ii bzip2 1.0.2-1 A high-quality block-sorting file ii coreutils [fileutils] 5.2.1-2 The GNU core utilities ii fileutils 5.2.1-2 The GNU file management utilities -- no debconf information
--- linux-2.6.9/include/asm-x86_64/desc.h~ 2005-01-30 20:08:12.799247944 -0800 +++ linux-2.6.9/include/asm-x86_64/desc.h 2005-01-30 20:08:12.799247944 -0800 @@ -128,7 +128,7 @@ { set_tssldt_descriptor(&cpu_gdt_table[cpu][GDT_ENTRY_TSS], (unsigned long)addr, DESC_TSS, - sizeof(struct tss_struct) - 1); + IO_BITMAP_OFFSET + IO_BITMAP_BYTES + 7); } static inline void set_ldt_desc(unsigned cpu, void *addr, int size)