Only those triggerable from a SECCOMPed process were kept. On 440 vulnerabilities, 13 were qualified:
| Impact | Description | Architecture | Reference |
|---|---|---|---|
| HIGH | infinite loop triggering signal handler | i386 | CVE-2004-0554 |
| MEDIUM | audit_syscall_entry bypass | amd64 | CVE-2009-0834 |
| MEDIUM | SECCOMP bypass | amd64 | CVE-2009-0835 |
| MEDIUM | Non-sign extension of syscall arguments | s390 | CVE-2009-0029 |
| MEDIUM | EFLAGS leak on context switch | amd64/i386 | CVE-2006-5755 |
| MEDIUM | Nested faults | amd64 | CVE-2005-1767 |
| MEDIUM | Not handling properly certain privileged instructions | s390 | CVE-2004-0887 |
| LOW | Fix register leak in 32 bits syscall audititing | amd64 | 81766741f |
| LOW | 64-bit kernel register leak to 32-bit processes | amd64 | 24e35800c |
| LOW | Register leak | amd64 | CVE-2009-2910 |
| LOW | DoS by using malformed LDT | amd64 | CVE-2008-3247 |
| LOW | DoS on floating point exceptions | powerpc HTX | CVE-2007-3107 |
| LOW | DoS on 32-bit compatibility mode | amd64 | CVE-2005-1765 |
In other words, if you are running a pure 32 bits environment, our initial intuition was almost good with two bugs so far (in 2004 and 2006). However, on AMD64, I wouldn't bet.
Disclaimer: Off course, theses numbers are meaningless because of the non-disclosure policy of the kernel's developpers.
0 commentaires:
Enregistrer un commentaire