[src/netbsd-6-1]: src/doc 1502

[snj <snj%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/d2f7cf4d1d4a
branches:  netbsd-6-1
changeset: 776267:d2f7cf4d1d4a
user:      snj <snj%NetBSD.org@localhost>
date:      Sat Sep 09 16:54:15 2017 +0000

description:
1502

diffstat:

 doc/CHANGES-6.1.6 |  10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diffs (21 lines):

diff -r 6df3955c381c -r d2f7cf4d1d4a doc/CHANGES-6.1.6
--- a/doc/CHANGES-6.1.6 Sat Sep 09 16:53:34 2017 +0000
+++ b/doc/CHANGES-6.1.6 Sat Sep 09 16:54:15 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.1.6,v 1.1.2.112 2017/09/04 16:04:59 snj Exp $
+# $NetBSD: CHANGES-6.1.6,v 1.1.2.113 2017/09/09 16:54:15 snj Exp $
 
 A complete list of changes from the NetBSD 6.1.5 release to the NetBSD 6.1.6
 release:
@@ -14805,3 +14805,11 @@
        in %pstate and get kernel privileges on the hardware.
        [maxv, ticket #1501]
 
+sys/compat/linux32/arch/amd64/linux32_machdep.c        1.39
+
+
+       Fix a ring0 escalation vulnerability in compat_linux32 where the
+       index of %cs is controlled by userland, making it easy to trigger
+       the page fault and get kernel privileges.
+       [maxv, ticket #1502]
+