Date: Fri, 20 Jan 2017 09:26:35 +0100
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Cc: Jesse Hertz <Jesse.Hertz@...group.trust>,
	Wade Mealing <wmealing@...hat.com>
Subject: Re: CVE REQUEST: linux kernel: process with pgid zero
 able to crash kernel

On Fri, Jan 20, 2017 at 01:41:52PM +1100, Harshula wrote:
> Hi Folks,
> 
> Red Hat Product Security has been notified of a kernel vulnerability
> that a local attacker can exploit to crash/panic the kernel and cause a
> denial of service.
> 
> This was reported to Red Hat by Jesse Hertz (CC'd) (reproducer:
> rt411016):
> 
> "A process that is in the same process group as the ``init'' process
> (group id zero) can crash the Linux 2 kernel with several system calls
> by passing in a process ID or process group ID of zero. The value zero
> is a special value that indicates the current process ID or process
> group. However, in this case it is also the process group ID of the
> process."
> 
> I've been testing whether RHEL is vulnerable and found the following:
> 
> * Upstream/mainline is not vulnerable

Is this true for the mainline kernel tree that RHEL 6 was based on?

> * RHEL 7 is not vulnerable
> * RHEL 6 is vulnerable
> * RHEL 5 is partially vulnerable

So this is only due to a specific set of patches that were added to RHEL
6 and RHEL 5 yet never made it upstream?  I ask as we want to make sure
some of the older LTS mainline kernels might be affected and it would be
good to ensure they are not.

thanks,

greg k-h
