Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 4 Feb 2010 15:46:02 -0700
From: dann frazier <>
Cc: "Steven M. Christey" <>
Subject: Re: CVE request - kernel: DoS on x86_64

On Thu, Feb 04, 2010 at 01:09:09PM +0800, Eugene Teo wrote:
> On 02/04/2010 10:28 AM, dann frazier wrote:
>> On Mon, Feb 01, 2010 at 01:09:12PM +0800, Eugene Teo wrote:
>>> Reported by Mathias Krause. The problem seams to be located in
>>> fs/binfmt_elf.c:load_elf_binary(). It calls SET_PERSONALITY() prior
>>> checking that the ELF interpreter is available. This in turn makes the
>>> previously 32 bit process a 64 bit one which would be fine if execve()
>>> would succeed. But after the SET_PERSONALITY() the open_exec() call
>>> fails (because it cannot find the interpreter) and execve() almost
>>> instantly returns with an error. If you now look at /proc/PID/maps
>>> you'll see, that it has the vsyscall page mapped which shouldn't be. But
>>> the process is not dead yet, it's still running. By now generating a
>>> segmentation fault and in turn trying to generate a core dump the
>>> kernel just dies.
>>> Steps to Reproduce:
>>> 1. Enable core dumps
>>> 2. Start an 32 bit program that tries to execve() an 64 bit program
>>> 3. The 64 bit program cannot be started by the kernel because it can't
>>> find the interpreter, i.e. execve returns with an error
>>> 4. Generate a segmentation fault
>>> 5. panic
>>> Upstream commit:
>> Thanks Eugene.
>> Also note this fix for a regression in the above:
> Ben Hutchings reported (via stable review list) that the fix did not  
> work for him. Will monitor the list if there are other follow-ups.

Indeed, it also needs this change for x86:

And the corresponding changes for powerpc & sparc:

All are in queue-2.6.32 now, btw.
dann frazier

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ