Date: Mon, 20 Jun 2011 18:32:20 +0200 From: Petr Matousek <pmatouse@...hat.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: CVE request: kernel: thp: madvise on top of /dev/zero private mapping can lead to panic Description of problem: The huge_memory.c THP page fault was allowed to run if vm_ops was null (which would succeed for /dev/zero MAP_PRIVATE, as the f_op->mmap wouldn't setup a special vma->vm_ops and it would fallback to regular anonymous memory) but other THP logics weren't fully activated for vmas with vm_file not NULL (/dev/zero has a not NULL vma->vm_file). Unprivileged local user could use this flaw to crash the server. Upstream patch: 78f11a255749d09025f54d4e2df4fbcb031530e2 References: https://bugzilla.redhat.com/show_bug.cgi?id=714761 https://bugzilla.kernel.org/show_bug.cgi?id=33682 http://www.spinics.net/lists/stable-commits/msg11762.html Thanks, -- Petr Matousek / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.