MNBSD-2016-7: Incorrect argument validation in sysarch(2) LDT handling

Severity: Unknown

Affected Package: kernel

Summary: Incorrect argument validation in sysarch(2) LDT handling

Description

A specific combination of sysarch(2) arguments requesting removal of a set of LDT descriptors triggered a bounds check that misused a signed intermediate value. This allowed unbounded zeroing of the process LDT and adjacent memory from usermode, which could panic the kernel and cause a local denial of service. Only the amd64 architecture is affected. Patch obtained from FreeBSD and applied in the 0.7.6 release.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2016-1885

Published: March 17, 2016
Last Modified: March 17, 2016