Date: Fri, 20 Jan 2017 09:26:35 +0100
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Cc: Jesse Hertz <Jesse.Hertz@...group.trust>, Wade Mealing <wmealing@...hat.com>
Subject: Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel

On Fri, Jan 20, 2017 at 01:41:52PM +1100, Harshula wrote:
> Hi Folks,
>
> Red Hat Product Security has been notified of a kernel vulnerability
> that a local attacker can exploit to crash/panic the kernel and cause a
> denial of service.
>
> This was reported to Red Hat by Jesse Hertz (CC'd) (reproducer:
> rt411016):
>
> "A process that is in the same process group as the ``init'' process
> (group id zero) can crash the Linux 2 kernel with several system calls
> by passing in a process ID or process group ID of zero. The value zero
> is a special value that indicates the current process ID or process
> group. However, in this case it is also the process group ID of the
> process."
>
> I've been testing whether RHEL is vulnerable and found the following:
>
> * Upstream/mainline is not vulnerable

Is this true for the mainline kernel tree that RHEL 6 was based on?

> * RHEL 7 is not vulnerable
> * RHEL 6 is vulnerable
> * RHEL 5 is partially vulnerable

So this is only due to a specific set of patches that were added to RHEL
6 and RHEL 5 yet never made it upstream?

I ask as we want to make sure some of the older LTS mainline kernels
might be affected and it would be good to ensure they are not.

thanks,

greg k-h