On Sun, 2015-03-29 at 14:58 +0000, mancha security wrote:
> Hi Greg et al.
>
> Many DRAM modules are susceptible to disturbance errors as outlined by
> Kim et al. in June of last year [1]. More recently, a methodology to
> exploit these memory cell interactions to escalate privileges on Linux
> was made public by Google's Project Zero [2].
>
> One attack vector detailed in their methodology uses information gleaned
> from virtual page - frame maps. As a hardening/mitigation response,
> ab676b7d6fbf [3] restricts access to /proc/*/pagemap to privileged
> userspace.
>
> I noticed 3.14.37 was the only LT kernel to receive a backport of this
> mitigation. Attached please find a backport for use on 3.10.y
> (candidate for inclusion in 3.10.74).
>
> 3.12.y and 3.18.y can probably use [3] pretty much directly while 3.2.y
> and 3.4.y can likely use my patch with a little offset TLC.

This backport seems to work for 3.2, thanks.

Ben.

> --mancha
>
> [1] http://users.ece.cmu.edu/~yoonguk/papers/kim-isca14.pdf
> [2] http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
> [3] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab676b7d6fbf
>

--
Ben Hutchings
Who are all these weirdos? - David Bowie, reading IRC for the first time
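An added example, not part of this thread or of the patch under discussion: a small check to run as an unprivileged user on a kernel carrying the backport, confirming that `/proc/self/pagemap` no longer reveals physical frame numbers. The enum and function names are illustrative; the entry layout (bit 63 present, bits 0-54 PFN) follows the kernel's pagemap documentation.

```c
#define _POSIX_C_SOURCE 200809L
#define _FILE_OFFSET_BITS 64
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

enum pagemap_state { PM_DENIED, PM_PFN_HIDDEN, PM_PFN_EXPOSED, PM_UNKNOWN };

/* One pagemap entry is 64 bits: bit 63 = page present, bits 0-54 = PFN. */
static enum pagemap_state classify_entry(uint64_t entry)
{
    if (!(entry >> 63))
        return PM_UNKNOWN;              /* not present: nothing to judge */
    return (entry & ((1ULL << 55) - 1)) ? PM_PFN_EXPOSED : PM_PFN_HIDDEN;
}

/* Report what the calling (ideally unprivileged) process can learn. */
enum pagemap_state probe_pagemap(void)
{
    volatile char probe = 1;            /* touched, so its stack page is resident */
    uint64_t entry = 0;
    long psz = sysconf(_SC_PAGESIZE);
    int fd = open("/proc/self/pagemap", O_RDONLY);

    if (fd < 0)                         /* the restriction discussed above: EPERM */
        return (errno == EPERM || errno == EACCES) ? PM_DENIED : PM_UNKNOWN;
    if (psz <= 0) { close(fd); return PM_UNKNOWN; }
    off_t off = (off_t)((uintptr_t)&probe / (uintptr_t)psz) * 8;
    ssize_t n = pread(fd, &entry, sizeof entry, off);
    int err = errno;
    close(fd);
    if (n != (ssize_t)sizeof entry)
        return (n < 0 && err == EPERM) ? PM_DENIED : PM_UNKNOWN;
    return classify_entry(entry);       /* open allowed: is the PFN field filled? */
}

int main(void)
{
    static const char *msg[] = {
        "restricted: pagemap not readable by this user",
        "readable, but PFN field is zeroed",
        "EXPOSED: physical frame numbers visible to this user",
        "undetermined (no pagemap, or page not present)" };
    enum pagemap_state s = probe_pagemap();
    puts(msg[s]);
    return s == PM_PFN_EXPOSED ? 1 : 0;
}
```

Run as root the check is expected to report exposed PFNs, since the restriction only applies to unprivileged callers; the "zeroed PFN" case covers kernels that permit the open but blank the field.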