Hello,
Linux kernel built for the s390 architecture(CONFIG_S390) is vulnerable to a crash due to low-address protection exception. It occurs when an application uses a linkage stack instruction.
An unprivileged user/application could use this flaw to crash the system resulting in DoS.
Upstream fix:
-------------
-> https://git.kernel.org/linus/8d7f6690cedb83456edd41c9bd583783f0703bf0
-rw-r--r-- arch/s390/kernel/head64.S 7
1 files changed, 5 insertions, 2 deletions
diff --git a/arch/s390/kernel/head64.S b/arch/s390/kernel/head64.S
index b9e25ae..d7c0050 100644
--- a/arch/s390/kernel/head64.S
+++ b/arch/s390/kernel/head64.S
@@ -59,7 +59,7 @@ ENTRY(startup_continue)
.quad 0 # cr12: tracing off
.quad 0 # cr13: home space segment table
.quad 0xc0000000 # cr14: machine check handling off
- .quad 0 # cr15: linkage stack operations
+ .quad .Llinkage_stack # cr15: linkage stack operations
.Lpcmsk:.quad 0x0000000180000000
.L4malign:.quad 0xffffffffffc00000
.Lscan2g:.quad 0x80000000 + 0x20000 - 8 # 2GB + 128K - 8
@@ -67,12 +67,15 @@ ENTRY(startup_continue)
.Lparmaddr:
.quad PARMAREA
.align 64
-.Lduct: .long 0,0,0,0,.Lduald,0,0,0
+.Lduct: .long 0,.Laste,.Laste,0,.Lduald,0,0,0
.long 0,0,0,0,0,0,0,0
+.Laste: .quad 0,0xffffffffffffffff,0,0,0,0,0,0
.align 128
.Lduald:.rept 8
.long 0x80000000,0,0,0 # invalid access-list entries
.endr
+.Llinkage_stack:
+ .long 0,0,0x89000000,0,0,0,0x8a000000,0
ENTRY(_ehead)
Reference:
----------
-> https://bugzilla.redhat.com/show_bug.cgi?id=1067558
Thank you.
--
Prasad J Pandit / Red Hat Security Response Team