Date: Tue, 18 Aug 2015 01:38:29 -0400 (EDT) From: Wade Mealing <wmealing@...hat.com> To: OSS Security List <oss-security@...ts.openwall.com> Cc: cve-assign@...re.org Subject: CVE request - Linux kernel - perf on ppp64 - unbounded checks in perf_callchain_user_64 denial of service. Gday, A malicious user could create a special stack layout that fools the perf_callchain_user_64 function (called by perf record) into an infinite loop, tying up that particular CPU and the process can not be killed. A kernel patch was committed upstream capping the maximum user-level stacktrace collected by perf to PERF_MAX_STACK_DEPTH on 64bit powerpc architectures. This affects ppc64 kernels that support perf. Thanks, Wade Mealing Upstream fix ------------ - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a5cbce421a283e6aea3c4007f141735bf9da8c3 Red Hat Bugzilla: - https://bugzilla.redhat.com/show_bug.cgi?id=1218454
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ