[src/netbsd-7-0]: src/doc 1507

[snj <snj%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/7cd9a5f466d5
branches:  netbsd-7-0
changeset: 801388:7cd9a5f466d5
user:      snj <snj%NetBSD.org@localhost>
date:      Sat Sep 09 16:58:10 2017 +0000

description:
1507

diffstat:

 doc/CHANGES-7.0.3 |  9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diffs (20 lines):

diff -r 6d5681a0eb77 -r 7cd9a5f466d5 doc/CHANGES-7.0.3
--- a/doc/CHANGES-7.0.3 Sat Sep 09 16:57:34 2017 +0000
+++ b/doc/CHANGES-7.0.3 Sat Sep 09 16:58:10 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.0.3,v 1.1.2.62 2017/09/04 16:07:50 snj Exp $
+# $NetBSD: CHANGES-7.0.3,v 1.1.2.63 2017/09/09 16:58:10 snj Exp $
 
 A complete list of changes from the NetBSD 7.0.2 release to the NetBSD 7.0.3
 release:
@@ -4941,3 +4941,10 @@
        in %pstate and get kernel privileges on the hardware.
        [maxv, ticket #1504]
 
+sys/compat/linux32/arch/amd64/linux32_machdep.c        1.39
+
+       Fix a ring0 escalation vulnerability in compat_linux32 where the
+       index of %cs is controlled by userland, making it easy to trigger
+       the page fault and get kernel privileges.
+       [maxv, ticket #1507]
+