Date: Fri, 20 Jan 2017 13:41:52 +1100 From: Harshula <harshula@...hat.com> To: oss-security@...ts.openwall.com Cc: Jesse Hertz <Jesse.Hertz@...group.trust>, Wade Mealing <wmealing@...hat.com> Subject: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Hi Folks, Red Hat Product Security has been notified of a kernel vulnerability that a local attacker can exploit to crash/panic the kernel and cause a denial of service. This was reported to Red Hat by Jesse Hertz (CC'd) (reproducer: rt411016): "A process that is in the same process group as the ``init'' process (group id zero) can crash the Linux 2 kernel with several system calls by passing in a process ID or process group ID of zero. The value zero is a special value that indicates the current process ID or process group. However, in this case it is also the process group ID of the process." I've been testing whether RHEL is vulnerable and found the following: * Upstream/mainline is not vulnerable * RHEL 7 is not vulnerable * RHEL 6 is vulnerable * RHEL 5 is partially vulnerable A very specific set of circumstances are required in order for the vulnerability to be exploited. The default configuration of RHEL 5 and RHEL 6 are not exploitable. The risk is that a non-root user can trigger a kernel crash on a modified RHEL 6 system where the kernel runs a process that can be exploited. Perhaps on an embedded device. Thanks, Harshula Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1358840 Patches: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/ ?id=f106eee10038c2ee5b6056aaf3f6d5229be6dcdd https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/ ?id=f20011457f41c11edb5ea5038ad0c8ea9f392023 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/ ?id=fa2755e20ab0c7215d99c2dc7c262e98a09b01df
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ