[v3.1] kernel: execution in the early microcode loader (CVE-2015-2666)
It was found that the Linux kernel’s Intel early microcode loader was vulnerable to a stack overflow. On a UEFI Secure Boot enabled system, a local root user could use this flaw to increase their privileges to the kernel (ring0) level despite the additional restrictions in place.
It seems this was introduced in kernel 3.8+ in ec400dd (“x86/microcode_intel_early.c: Early update ucode on Intel’s CPU”). So the Alpine Linux kernel branches 3.10.y and 3.14.y are expected to be affected.
Upstream fix is available.
References:
http://seclists.org/oss-sec/2015/q1/878
http://seclists.org/oss-sec/2015/q1/909
CONFIRM: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4
CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1204722
(from redmine: issue id 4048, created on 2015-04-07, closed on 2017-09-05)
- Relations:
- parent #4044