Bugzilla – Bug 943016
VUL-1: CVE-2015-6666: kernel: Linux x86_64 NT flag issue - Linux kernel
Last modified: 2016-04-27 20:22:07 UTC
CVE-2015-6666: Tasks may enable the NT flag from user land.

Quoting from the git message:

    This reverts commit: 2c7577a75837 ("sched/x86_64: Don't save flags on context switch")

    It was a nice speedup. It's also not quite correct: SYSENTER enables interrupts too early.

    We can re-add this optimization once the SYSENTER code is beaten into shape, which should happen in 4.3 or 4.4.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6666
http://seclists.org/oss-sec/2015/q3/430
From: Andy Lutomirski <luto@amacapital.net>
Subject: [oss-security] CVE Request: Linux x86_64 NT flag issue

When I fixed Linux's NT flag handling, I added an optimization to Linux 3.19 and up. A malicious 32-bit program might be able to leak NT into an unrelated task. On a CONFIG_PREEMPT=y kernel, this is a straightforward DoS. On a CONFIG_PREEMPT=n kernel, it's probably still exploitable for DoS with some more care. I believe that this could be used for privilege escalation, too, but it won't be easy.

The fix is just to revert the optimization:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=512255a2ad2c832ca7d4de9f31245f73781922d0

Mitigation: CONFIG_IA32_EMULATION=n. Seccomp does *not* mitigate this bug.

--Andy

P.S. This is yet another x86 mis-design leading to garbage results.
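The issue above turns on one detail: user space may set EFLAGS.NT (bit 14) with POPF, so the kernel must make sure that flag never lingers in kernel-mode RFLAGS and never bleeds into another task. The following program is an added example, written for this page and not taken from the bug report, the oss-security mail or the kernel tree; it is modelled on the idea behind the kernel's own tools/testing/selftests/x86/syscall_nt.c but is independent code. It sets NT from user space, makes a system call, and reports whether NT is still set afterwards, which is what a fixed kernel is expected to preserve. Note the caveat: it goes through the 64-bit SYSCALL path, where NT is masked on entry, so it is a conformance check of NT handling, not a reproducer of the 32-bit SYSENTER leak that the CVE describes, and it does nothing that would trigger the DoS. The function name nt_survives_syscall is this example's own.

```c
/*
 * Added example (not from the bug report or the kernel tree): a user-space
 * check of how Linux handles EFLAGS.NT across a system call, modelled on the
 * idea behind tools/testing/selftests/x86/syscall_nt.c. It sets NT with POPF,
 * which is permitted at CPL 3, makes a syscall, and reports whether NT is
 * still set afterwards.
 */
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

#define X86_EFLAGS_NT (1UL << 14)   /* Nested Task flag, EFLAGS bit 14 */

#if defined(__x86_64__)
/* Read RFLAGS: PUSHF then POP into a general register. */
static unsigned long get_eflags(void)
{
    unsigned long eflags;
    __asm__ volatile ("pushfq\n\tpopq %0" : "=r" (eflags) : : "memory");
    return eflags;
}

/* Write RFLAGS: PUSH a value then POPF. At CPL 3 IOPL/IF/VM are not
 * changed by POPF, but NT is, which is exactly what this bug is about. */
static void set_eflags(unsigned long eflags)
{
    __asm__ volatile ("pushq %0\n\tpopfq" : : "r" (eflags) : "memory", "cc");
}
#endif

/*
 * Returns 1 if NT survives the syscall (the behaviour a fixed kernel is
 * expected to show), 0 if the kernel cleared it or it could not be set,
 * and -1 when not built for x86_64, where the flag does not exist.
 */
int nt_survives_syscall(void)
{
#if defined(__x86_64__)
    unsigned long before, after;

    set_eflags(get_eflags() | X86_EFLAGS_NT);
    before = get_eflags();
    if (!(before & X86_EFLAGS_NT))
        return 0;                       /* POPF did not set it: unexpected */

    /* The 64-bit SYSCALL entry masks NT out of the kernel's RFLAGS
     * (MSR_SYSCALL_MASK); the user value is restored from the saved
     * RFLAGS on return, so NT should still be set afterwards. */
    syscall(SYS_getpid);

    after = get_eflags();
    set_eflags(after & ~X86_EFLAGS_NT); /* leave the process as we found it */
    return (after & X86_EFLAGS_NT) ? 1 : 0;
#else
    return -1;
#endif
}

int main(void)
{
    int r = nt_survives_syscall();

    if (r < 0)
        puts("not x86_64: NT flag not applicable");
    else
        printf("NT %s the syscall\n", r ? "survived" : "was cleared by");
    return 0;
}
```

Build with `cc -O2 nt_check.c -o nt_check` (file name assumed) and run as an unprivileged user; no special capabilities are needed because POPF may change NT at any privilege level. A result of "cleared" on a current kernel would itself be worth a bug report, since the kernel's selftest expects NT to be preserved across the 64-bit syscall path.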
If this is >= 3.19, then SLES 12 and older versions are not affected.
bugbot adjusting priority
Looks like it, 2c7577a75837 is not in SLE12.
openSUSE 13.2 also has just 3.16, so it is not affected. Only Tumbleweed is, and that will get the regular kernel update.