Date: Tue, 1 Mar 2016 12:09:54 -0500 (EST)
From: Vladis Dronov <>
Subject: CVE request -- linux kernel: pipe: limit the per-user amount of
 pages allocated in pipes


If possible, we would like to obtain a CVE-ID for the flaw currently
handled in the upstream commit:

The commit says: "Mitigates: CVE-2013-4312 (Linux 2.0+)", but it looks
like CVE-2013-4312 is for a different, though similar, flaw which was
addressed recently:

"The Linux kernel before 4.4.1 allows local users to bypass file-
descriptor limits and cause a denial of service (memory consumption)
by sending each descriptor over a UNIX socket before closing it,
related to net/unix/af_unix.c and net/unix/garbage.c."

As the root cause of this flaw is different (unrestricted kernel memory
allocation for pipes) I believe another CVE id is needed.


On not-so-small systems, it is possible for a single process to cause an OOM condition
by filling large pipes with data that are never read. A typical process filling 4096
pipes with 1 MB of data will use 4 GB of memory. On small systems it may be tricky to
set the pipe max size to prevent this from happening. The result is an OOM condition
and oom-killer is not able to help much, as the memory for the pipe data is kernel
memory and the memory footprint of offensive processes is small.

Upstream patch:

Red Hat Bugzilla:

Discussion threads:

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
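
A host-side check for the condition described in the message above, as an added example that is not part of the original post or of the upstream patch: it reports the maximum pipe size and whether per-user pipe page limits are in effect. It assumes the limits are exposed as the sysctls fs.pipe-user-pages-soft and fs.pipe-user-pages-hard (the message does not name them); the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit a host's exposure to pipe-buffer memory exhaustion.

# Bytes of kernel memory held by <pipes> pipes, each filled to <size> bytes.
pipe_worst_case_bytes() { echo $(( $1 * $2 )); }

# Classify the per-user pipe page limits.
# An empty argument means the sysctl file is missing; 0 means "no limit".
pipe_limit_state() {
    s=$1; h=$2
    if [ -z "$s" ] && [ -z "$h" ]; then
        echo "absent"        # kernel does not expose the limits
    elif [ "${h:-0}" -gt 0 ]; then
        echo "hard-capped"   # new pipes are refused above the hard limit
    elif [ "${s:-0}" -gt 0 ]; then
        echo "soft-only"     # new pipes shrink to one page, but are not refused
    else
        echo "unlimited"
    fi
}

# Print the content of a /proc file, or nothing if it does not exist.
read_proc() { [ -r "$1" ] && cat "$1" 2>/dev/null; return 0; }

report() {
    max=$(read_proc /proc/sys/fs/pipe-max-size)
    soft=$(read_proc /proc/sys/fs/pipe-user-pages-soft)
    hard=$(read_proc /proc/sys/fs/pipe-user-pages-hard)
    echo "pipe-max-size:        ${max:-unknown}"
    echo "per-user limit state: $(pipe_limit_state "$soft" "$hard")"
    # The figure from the message: 4096 pipes at this host's maximum pipe size.
    [ -n "$max" ] && echo "4096 full pipes:      $(pipe_worst_case_bytes 4096 "$max") bytes"
    if [ "${hard:-0}" -gt 0 ]; then
        page=$(getconf PAGESIZE)
        echo "hard cap per user:    $(( hard * page )) bytes"
    fi
    return 0
}

report
```

A state of "absent" or "unlimited" means only the file-descriptor limit and pipe-max-size bound the memory a user can hold in pipes.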