Date: Tue, 18 Aug 2015 01:38:29 -0400 (EDT) From: Wade Mealing <wmealing@...hat.com> To: OSS Security List <oss-security@...ts.openwall.com> Cc: cve-assign@...re.org Subject: CVE request - Linux kernel - perf on ppp64 - unbounded checks in perf_callchain_user_64 denial of service. Gday, A malicious user could create a special stack layout that fools the perf_callchain_user_64 function (called by perf record) into an infinite loop, tying up that particular CPU and the process can not be killed. A kernel patch was committed upstream capping the maximum user-level stacktrace collected by perf to PERF_MAX_STACK_DEPTH on 64bit powerpc architectures. This affects ppc64 kernels that support perf. Thanks, Wade Mealing Upstream fix ------------ - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a5cbce421a283e6aea3c4007f141735bf9da8c3 Red Hat Bugzilla: - https://bugzilla.redhat.com/show_bug.cgi?id=1218454
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.