[OpenPower-Firmware] CVE-2019-12817: Linux kernel: powerpc: Unrelated processes may be able to read/write to each other's virtual memory

Stewart Smith stewart at linux.ibm.com
Tue Jun 25 15:25:41 AEST 2019


For the kernel that's part of op-build, this pull request from Joel gets us the fix:
https://github.com/open-power/op-build/pull/2954

My comments are:
Contains the fix for CVE-2019-12817, which, while important for
distribution kernels, is not terribly important for ours in firmware,
and not applicable for P9 at all for us (if you can change an NVRAM
variable to change the petitboot kernel command line, then you have full
access to the system anyway).


On P8 systems, you could use this to go from a locked down petituser to
root in the petitboot shell, so anyone shipping a POWER8 system with a
petitboot with password support should consider if a firmware update is
appropriate.


and we're currently looking at kernel bumps for op-build-2.0.y and
op-build-2.3.y.

-------------- next part --------------
An embedded message was scrubbed...
From: Michael Ellerman <mpe at ellerman.id.au>
Subject: CVE-2019-12817: Linux kernel: powerpc: Unrelated processes may be able to read/write to each other's virtual memory
Date: Tue, 25 Jun 2019 00:44:31 +1000
Size: 12431
URL: <http://lists.ozlabs.org/pipermail/openpower-firmware/attachments/20190625/f73dc9f7/attachment.eml>
-------------- next part --------------

-- 
Stewart Smith
OPAL Architect, IBM.

