
computer vulnerability note CVE-2013-0268

Linux kernel: privilege elevation via MSR

Synthesis of the vulnerability

A local attacker who has uid 0 can access /dev/cpu/*/msr in order to execute code with kernel privileges.
Impacted products: Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, ESX.
Severity: 1/4.
Creation date: 07/02/2013.
Identifiers: BID-57838, CERTA-2013-AVI-454, CVE-2013-0268, ESX400-201310001, ESX400-201310401-SG, ESX400-201310402-SG, ESX410-201307001, ESX410-201307401-SG, ESX410-201307403-SG, ESX410-201307404-SG, ESX410-201307405-SG, FEDORA-2013-1961, openSUSE-SU-2013:0396-1, openSUSE-SU-2013:1187-1, RHSA-2013:0621-01, RHSA-2013:0622-01, RHSA-2013:0630-01, SUSE-SU-2013:0674-1, SUSE-SU-2013:0759-1, SUSE-SU-2013:0759-2, VIGILANCE-VUL-12389, VMSA-2013-0009, VMSA-2013-0009.2.

Description of the vulnerability

Intel processors provide Model Specific Registers (MSRs).

A root user (uid 0) can access the special "/dev/cpu/*/msr" file. The msr_open() function in arch/x86/kernel/msr.c allows this access. However, it does not check whether the user also has the CAP_SYS_RAWIO capability.

A local attacker who has uid 0 but not CAP_SYS_RAWIO can therefore access /dev/cpu/*/msr in order to execute code with kernel privileges.
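The following audit helper is an added example, not code from the bulletin or from the kernel: it reads the `Uid:` and `CapEff:` lines of a `/proc/<pid>/status` text and reports whether a process is in the class described above (uid 0 without CAP_SYS_RAWIO), for which dropping the capability only restricts MSR access once msr_open() checks it. The names `classify_status`, `find_field` and the enum values are hypothetical, the sample status excerpts are constructed, and the code assumes the device node is only openable by uid 0.

```c
#include <stdio.h>
#include <string.h>

#define CAP_SYS_RAWIO_BIT 17 /* CAP_SYS_RAWIO in <linux/capability.h> */

enum msr_exposure { MSR_PARSE_ERROR, MSR_NO_ACCESS, MSR_HAS_RAWIO, MSR_CAP_BYPASS };

/* Constructed /proc/<pid>/status excerpts (not captured from a real host). */
static const char SAMPLE_ROOT_FULL[] =
    "Name:\tsh\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n";
static const char SAMPLE_ROOT_DROPPED[] =
    "Name:\tsh\nUid:\t0\t0\t0\t0\nCapEff:\t0000003ffffdffff\n";
static const char SAMPLE_USER[] =
    "Name:\tsh\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n";

/* Return the text following "key" when it starts a line, else NULL. */
static const char *find_field(const char *status, const char *key)
{
    size_t klen = strlen(key);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, key, klen) == 0)
            return p + klen;
        p = strchr(p, '\n');
        if (p) p++;
    }
    return NULL;
}

/* Classify one process from its status text. */
enum msr_exposure classify_status(const char *status)
{
    const char *uid = find_field(status, "Uid:");
    const char *cap = find_field(status, "CapEff:");
    unsigned fsuid;            /* 4th Uid column: the id used for file access */
    unsigned long long capeff; /* effective capability bitmask, hex */

    if (!uid || sscanf(uid, "%*u %*u %*u %u", &fsuid) != 1) return MSR_PARSE_ERROR;
    if (!cap || sscanf(cap, "%llx", &capeff) != 1) return MSR_PARSE_ERROR;
    if (fsuid != 0) return MSR_NO_ACCESS; /* assumed: node is root-only */
    if (capeff & (1ULL << CAP_SYS_RAWIO_BIT)) return MSR_HAS_RAWIO;
    return MSR_CAP_BYPASS; /* uid 0 without CAP_SYS_RAWIO: the affected case */
}

int main(void)
{
    static const char *names[] = { "parse error", "no access", "has CAP_SYS_RAWIO", "uid 0 without CAP_SYS_RAWIO" };
    const char *samples[] = { SAMPLE_ROOT_FULL, SAMPLE_ROOT_DROPPED, SAMPLE_USER };
    for (int i = 0; i < 3; i++)
        printf("sample %d: %s\n", i, names[classify_status(samples[i])]);
    return 0;
}
```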