vulnerability note CVE-2013-0268
Linux kernel: privilege elevation via MSR
Synthesis of the vulnerability
A local attacker who has uid 0 can access /dev/cpu/*/msr in order to execute code with kernel privileges.
Impacted products:
Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX.
BID-57838, CERTA-2013-AVI-454, CVE-2013-0268, ESX400-201310001, ESX400-201310401-SG, ESX400-201310402-SG, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, FEDORA-2013-1961, openSUSE-SU-2013:0396-1, openSUSE-SU-2013:1187-1, RHSA-2013:0621-01, RHSA-2013:0622-01, RHSA-2013:0630-01, SUSE-SU-2013:0674-1, SUSE-SU-2013:0759-1, SUSE-SU-2013:0759-2, VIGILANCE-VUL-12389, VMSA-2013-0009, VMSA-2013-0009.2.
Description of the vulnerability
Intel processors have MSRs (Model Specific Registers).
A root user (uid 0) can access the special "/dev/cpu/*/msr" file. The msr_open() function in arch/x86/kernel/msr.c allows this access. However, it does not check whether the user also has the CAP_SYS_RAWIO capability.
A local attacker who has uid 0 but not CAP_SYS_RAWIO can therefore access /dev/cpu/*/msr in order to execute code with kernel privileges.
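The following check is an added example, not code from the bulletin or from the kernel: it reports whether the running kernel refuses to open the msr device for a uid 0 process that lacks CAP_SYS_RAWIO. The device path /dev/cpu/0/msr, the verdict names and the expectation that a checking kernel answers EPERM are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CAP_SYS_RAWIO_BIT 17 /* value of CAP_SYS_RAWIO in <linux/capability.h> */

enum verdict { NOT_APPLICABLE, ENFORCED, MISSING_CHECK, INCONCLUSIVE };

/* One /proc/<pid>/status line: 1 or 0 = CAP_SYS_RAWIO effective or not, -1 = not the CapEff line. */
int capeff_has_rawio(const char *line)
{
    if (strncmp(line, "CapEff:", 7) != 0)
        return -1;
    return (int)((strtoull(line + 7, NULL, 16) >> CAP_SYS_RAWIO_BIT) & 1);
}

/* open_errno is 0 when open(2) on the msr device succeeded. */
enum verdict classify(unsigned uid, int has_rawio, int open_errno)
{
    if (uid != 0 || has_rawio != 0)
        return NOT_APPLICABLE;  /* only uid 0 with the capability known absent is tested */
    if (open_errno == 0)
        return MISSING_CHECK;   /* device opened without CAP_SYS_RAWIO */
    if (open_errno == EPERM)
        return ENFORCED;        /* assumption: a checking kernel answers EPERM */
    return INCONCLUSIVE;        /* e.g. ENOENT when the msr driver is not loaded */
}

int main(void)
{
    static const char *names[] = { "not applicable", "capability check enforced",
                                   "capability check missing", "inconclusive" };
    char line[256];
    int has_rawio = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 2; }
    while (has_rawio < 0 && fgets(line, sizeof line, f))
        has_rawio = capeff_has_rawio(line);
    fclose(f);

    int fd = open("/dev/cpu/0/msr", O_RDONLY); /* open only: no MSR is read or written */
    int err = fd < 0 ? errno : 0;
    if (fd >= 0)
        close(fd);
    printf("uid=%u rawio=%d errno=%d: %s\n", (unsigned)getuid(), has_rawio, err,
           names[classify((unsigned)getuid(), has_rawio, err)]);
    return 0;
}
```

To test the case the bulletin describes, run it as root with the capability removed, for example from a shell started with capsh --drop=cap_sys_rawio.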