[src/netbsd-6-0]: src/doc 1502

[snj <snj%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/16c7dbcbf8ea
branches:  netbsd-6-0
changeset: 775269:16c7dbcbf8ea
user:      snj <snj%NetBSD.org@localhost>
date:      Sat Sep 09 16:53:55 2017 +0000

description:
1502

diffstat:

 doc/CHANGES-6.0.7 |  10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diffs (21 lines):

diff -r cc6a67b9c3e9 -r 16c7dbcbf8ea doc/CHANGES-6.0.7
--- a/doc/CHANGES-6.0.7 Sat Sep 09 16:53:33 2017 +0000
+++ b/doc/CHANGES-6.0.7 Sat Sep 09 16:53:55 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.0.7,v 1.1.2.115 2017/09/04 16:04:06 snj Exp $
+# $NetBSD: CHANGES-6.0.7,v 1.1.2.116 2017/09/09 16:53:55 snj Exp $
 
 A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7
 release:
@@ -15132,3 +15132,11 @@
        in %pstate and get kernel privileges on the hardware.
        [maxv, ticket #1501]
 
+sys/compat/linux32/arch/amd64/linux32_machdep.c        1.39
+
+
+       Fix a ring0 escalation vulnerability in compat_linux32 where the
+       index of %cs is controlled by userland, making it easy to trigger
+       the page fault and get kernel privileges.
+       [maxv, ticket #1502]
+