vulnerability note CVE-2013-0268
Linux kernel: privilege elevation via MSR
Synthesis of the vulnerability
A local attacker, who has the uid 0, can access to /dev/cpu/*/msr, in order to execute code with kernel privileges.Impacted products:
Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
BID-57838, CVE-2013-0268, FEDORA-2013-1961, openSUSE-SU-2013:0396-1, RHSA-2013:0621-01, RHSA-2013:0622-01, RHSA-2013:0630-01, SUSE-SU-2013:0674-1, SUSE-SU-2013:0759-1, SUSE-SU-2013:0759-2, VIGILANCE-VUL-12389.
Description of the vulnerability
Intel processors have specific MSR (Model Specific Register) registers.
A root user (uid 0) can access to the special "/dev/cpu/*/msr" file. The msr_open() function of the arch/x86/kernel/msr.c file allows this access. However, it does not check if the user also has the CAP_SYS_RAWIO capability.
A local attacker, who has the uid 0, but not CAP_SYS_RAWIO, can therefore access to /dev/cpu/*/msr, in order to execute code with kernel privileges.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a networks vulnerabilities note
. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system.