Date: Tue, 1 Mar 2016 12:09:54 -0500 (EST) From: Vladis Dronov <vdronov@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request -- linux kernel: pipe: limit the per-user amount of pages allocated in pipes Hello, If possible, we would like to obtain a CVE-ID for the flaw currently handled in the upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52 The commit says: "Mitigates: CVE-2013-4312 (Linux 2.0+)", but it looks like CVE-2013-4312 is for the different, though similar flaw which was addressed recently: "The Linux kernel before 4.4.1 allows local users to bypass file- descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c." https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4312 As the root cause of this flaw is different (unrestricted kernel memory allocation for pipes) I believe another CVE id is needed. Description: On no-so-small systems, it is possible for a single process to cause an OOM condition by filling large pipes with data that are never read. A typical process filling 4096 pipes with 1 MB of data will use 4 GB of memory. On small systems it may be tricky to set the pipe max size to prevent this from happening. The result is an OOM condition and oom-killer is not able to help much, as the memory for the pipe data is a kernel memory and a memory footprint of offensive processes is small. Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52 Red Hat Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1313428 Discussion threads: https://www.spinics.net/lists/linux-fsdevel/msg92912.html | https://lkml.org/lkml/2015/12/28/150 https://www.spinics.net/lists/linux-fsdevel/msg93317.html | https://lkml.org/lkml/2016/1/11/310 https://www.spinics.net/lists/linux-fsdevel/msg93601.html | https://lkml.org/lkml/2016/1/18/171 Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.