Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 24 Jun 2011 22:19:50 +0200
From: Petr Matousek <>
Cc: "Steven M. Christey" <>,
        Joshua Bressers <>, Eugene Teo <>
Subject: CVE request: kernel: mm: avoid wrapping vm_pgoff in mremap() and
 stack expansions

Description of the problem:
The normal mmap paths all avoid creating a mapping where the pgoff
inside the mapping could wrap around due to overflow.  However, an
expanding mremap() can take such a non-wrapping mapping and make it
bigger and cause a wrapping condition. There is also another case
where we expand mappings hiding in plain sight: the automatic stack

The wrapping condition can cause a BUG_ON() due to terminally
confusing the vma_prio_tree code.

Upstream patches:
982134ba62618c2d69fbbbd166d0a11ee3b7e3d8 mremap
a626ca6a656450e9f4df91d0dda238fff23285f4 stack expansion downwards
42c36f63ac1366ab0ecc2d5717821362c259f517 stack expansion upwards


Petr Matousek / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ