Date:      Fri, 23 Sep 2016 13:00:14 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 212708] aio cross-process memory corruption
Message-ID:  <bug-212708-8-xJV83ou5XX@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-212708-8@https.bugs.freebsd.org/bugzilla/>
References:  <bug-212708-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212708

--- Comment #3 from slw@zxy.spb.ru ---
(In reply to op from comment #1)

As far as I understand the patch and comments by kib@, this issue may be
exploitable and used as a vulnerability on any x86 CPU w/o the INVPCID instruction.
For an exploit the attacker needs to:

1) Run a binary and start an AIO read from a prepared file (AIO is enabled by
default in the GENERIC kernel)
2) Force a context switch to the target process near its execution of
vmspace_switch_aio() (by sending some network traffic to a daemon: opening an ssh
connection, for example)

This may be repeated as many times as needed for success.
It looks exploitable cross-jail and maybe cross-VM (not sure).

Committable fix from kib@:
https://lists.freebsd.org/pipermail/freebsd-stable/2016-September/085705.html

-- 
You are receiving this mail because:
You are the assignee for the bug.