[CAN-2005-0204]: AMD64, allows local users to write to privileged IO ports via OUTS instruction

[micah milano]

Hello,

CAN-2005-0204 reads:

Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T
architectures, allows local users to write to privileged IO ports via
the OUTS instruction.

Although this says "before 2.6.9" this *includes* 2.6.8 (and 2.4.29)
as well as  2.6.9 and apparantly it includes 2.6.10 and soon to be
released 2.6.11 based on my browsing through the changelogs and not
seeing a mention of this, or that particular file being changed. I do
see that the particular function where this is located has changed
slightly, the patch still seems applicable.

Kernel 2.4.29 appears to have a similar vulnerability, although this
patch would not apply cleanly to that tree, but looks relatively
trivial to modify appropriately.

Apparantly this hole has not migrated upstream somehow and so I am
posting this message to find out where its at.

REDHAT:RHSA-2005:092
URL:http://www.redhat.com/support/errata/RHSA-2005-092.html

The RedHat bug associated with this is located at:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148855

A patch to fix the problem is located here (also linked to the RedHat bug):
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=110424&action=view

This apparantly only affects AMD64 and EM64T.

Thanks,
micah
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/