https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212708
--- Comment #3 from s...@zxy.spb.ru --- (In reply to op from comment #1) As far as I understand patch and comments by kib@, this issuse may be exploitable and used as vulnerability on any x86 CPU w/o INVPCID instruction. For exploit attacker needs 1) Runs binary and starts AIO read from prepared file (AIO is enabled by default in GENERIC kernel) 2) Forces context switch to target process near by executing vmspace_switch_aio() (sending some network traffic to daemon: open ssh connection, for example) This may be repeated as many times as needed for success. It looks exploitable cross-jail and may be cross-vm (not sure) Committable fix from kib@ https://lists.freebsd.org/pipermail/freebsd-stable/2016-September/085705.html -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
