2 matches found
kernel: x86: local privesc due to bad_iret and paranoid entry incompatibility
A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a SS stack segment fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system...
PT-2010-5009 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.36
Description: The issue is related to the KVM implementation in the Linux kernel, which does not properly reload the FS and GS segment registers. This can be exploited by host OS users to cause a denial of...