Date: Wed, 01 Apr 2009 12:12:24 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: "Steven M. Christey" <coley@...us.mitre.org> Subject: CVE request: kernel: udp: Wrong locking code in udp seq_file infrastructure According to the upstream commit 30842f298, reading zero bytes from /proc/net/udp or other similar files which use the same seq_file udp infrastructure panics kernel in that way: ===================================== [ BUG: bad unlock balance detected! ] ------------------------------------- read/1985 is trying to release lock (&table->hash[i].lock) at: [<ffffffff81321d83>] udp_seq_stop+0x27/0x29 but there are no more locks to release! [...] This bug was introduced and fixed within a short timeframe. It was introduced in 645ca708 (Follows: v2.6.28-rc2; Precedes: v2.6.29-rc1). http://git.kernel.org/linus/645ca708f936b2fbeb79e52d7823e3eb2c0905f8 http://git.kernel.org/linus/30842f2989aacfaba3ccb39829b3417be9313dbe Thanks, Eugene -- Eugene Teo / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.