Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 27 Jan 2017 16:01:25 +0100
From: Andreas Stieger <astieger@...e.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE request: linux kernel - local DoS with
 cgroup offline code


On 11/05/2016 04:59 PM, cve-assign@...re.org wrote:
> > A malicious user who can run an arbitrary image with a
> non-privileged user
> > in a Container-as-a-service cloud environment could use the exploit to
> > deadlock the container nodes to deny the service for other users.
>
> > container> $ trinity -D --disable-fds=memfd --disable-fds=timerfd \
> >              --disable-fds=pipes --disable-fds=testfile \
> >              --disable-fds=sockets --disable-fds=perf \
> >              --disable-fds=epoll --disable-fds=eventfd \
> >              --disable-fds=drm
>
> > # systemctl status docker
> > <hang...>
>
> > task kworker/45:4:146035 blocked for more than 120 seconds.
>
> > "cgroup is trying to offline a cpuset css, which
> > takes place under cgroup_mutex. The offlining ends up trying to drain
> > active usages of a sysctl table which apparently is not happening."
> There is
> > no fix at this time as far as I can tell.
>
> Use CVE-2016-9191.
>

Fix:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939

Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0c3b5093addc8bfe9fe3a5b01acb7ec7969eafa

v3.11-rc1...v4.10-rc4

Andreas


-- 
Andreas Stieger <astieger@...e.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.