On Mon, Mar 30, 2015 at 02:25:24AM +0100, Ben Hutchings wrote:
> On Sun, 2015-03-29 at 14:58 +0000, mancha security wrote:
> > Hi Greg et al.
> >
> > Many DRAM modules are susceptible to disturbance errors as outlined
> > by Kim et al. in June of last year [1]. More recently, a methodology
> > to exploit these memory cell interactions to escalate privileges on
> > Linux was made public by Google's Project Zero [2].
> >
> > One attack vector detailed in their methodology uses information
> > gleaned from virtual page - frame maps. As a hardening/mitigation
> > response, ab676b7d6fbf [3] restricts access to /proc/*/pagemap to
> > privileged userspace.
> >
> > I noticed 3.14.37 was the only LT kernel to receive a backport of
> > this mitigation. Attached please find a backport for use on 3.10.y
> > (candidate for inclusion in 3.10.74).
> >
> > 3.12.y and 3.18.y can probably use [3] pretty much directly while
> > 3.2.y and 3.4.y can likely use my patch with a little offset TLC.
>
> This backport seems to work for 3.2, thanks.
>
> Ben.

Great to hear. At this point, seems only 3.4.y and 3.10.y are missing
(both can use my backport).

--mancha

PS a quick check is running od -xN 16 /proc/self/pagemap as an unpriv
user before & after giving od cap_sys_admin.
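The quick check from the PS, written out as an added C example (not part of the original mail or of the backport): it reads the calling process's own pagemap entry and reports whether the restriction is in effect for the current user. The entry layout follows the kernel's pagemap documentation; the names classify and probe_self, and treating a refused open as "restricted", are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Entry layout per the kernel's pagemap documentation:
 * bit 63 = page present, bits 0-54 = page frame number when present. */
#define PM_PRESENT  (1ULL << 63)
#define PM_PFN_MASK ((1ULL << 55) - 1)

enum exposure { PM_DENIED, PM_HIDDEN, PM_EXPOSED, PM_UNKNOWN };

/* Pure decision logic, so it can be checked on constructed values.
 * open_err: errno from open() (0 on success); entry: the 64-bit entry. */
enum exposure classify(int open_err, uint64_t entry)
{
    if (open_err == EPERM || open_err == EACCES)
        return PM_DENIED;            /* assumption: refused open = restricted */
    if (open_err != 0 || !(entry & PM_PRESENT))
        return PM_UNKNOWN;           /* no pagemap file, or page not resident */
    return (entry & PM_PFN_MASK) ? PM_EXPOSED : PM_HIDDEN;
}

/* Look up this process's own entry for a stack page it has just touched. */
enum exposure probe_self(void)
{
    volatile char page_probe = 1;    /* the write makes the page resident */
    long psz = sysconf(_SC_PAGESIZE);
    uint64_t entry = 0;
    int fd = open("/proc/self/pagemap", O_RDONLY);
    if (fd < 0)
        return classify(errno, 0);
    /* One 8-byte entry per virtual page, indexed by virtual page number. */
    off_t off = (off_t)((uintptr_t)&page_probe / (uintptr_t)psz * sizeof entry);
    ssize_t n = -1;
    if (lseek(fd, off, SEEK_SET) == off)
        n = read(fd, &entry, sizeof entry);
    close(fd);
    return n == (ssize_t)sizeof entry ? classify(0, entry) : PM_UNKNOWN;
}

int main(void)
{
    static const char *msg[] = {
        "open denied: pagemap is restricted for this user",
        "readable, but the frame number field is zero",
        "frame numbers are visible to this user",
        "inconclusive (no pagemap file or page not present)" };
    puts(msg[probe_self()]);
    return 0;
}
```

Run it once as an unprivileged user and once with CAP_SYS_ADMIN to compare, as the PS does with od.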