Date: Fri, 20 Jan 2017 13:41:52 +1100
From: Harshula <>
Cc: Jesse Hertz <>,
        Wade Mealing
Subject: CVE REQUEST: linux kernel: process with pgid zero able to crash

Hi Folks,

Red Hat Product Security has been notified of a kernel vulnerability
that a local attacker can exploit to crash/panic the kernel and cause a
denial of service.

This was reported to Red Hat by Jesse Hertz (CC'd) (reproducer:

"A process that is in the same process group as the ``init'' process
(group id zero) can crash the Linux 2 kernel with several system calls
by passing in a process ID or process group ID of zero. The value zero
is a special value that indicates the current process ID or process
group. However, in this case it is also the process group ID of the

I've been testing whether RHEL is vulnerable and found the following:

* Upstream/mainline is not vulnerable
* RHEL 7 is not vulnerable
* RHEL 6 is vulnerable
* RHEL 5 is partially vulnerable

A very specific set of circumstances is required in order for the
vulnerability to be exploited. The default configurations of RHEL 5 and
RHEL 6 are not exploitable.

The risk is that a non-root user can trigger a kernel crash on a
modified RHEL 6 system where the kernel runs a process that can be
exploited. Perhaps on an embedded device.


Red Hat Bugzilla:
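
Added example, not part of the original message and not the reporter's reproducer: a read-only audit that lists userspace processes whose process group ID is zero, the precondition the report describes. It assumes the kernel marks kernel threads with PF_KTHREAD in the flags field of /proc/<pid>/stat (2.6.27 and later); the function names and the sample lines are constructed for illustration.

```python
import os

PF_KTHREAD = 0x00200000  # task flag set on kernel threads (assumed: kernel >= 2.6.27)

def parse_stat(line):
    """Return (pid, comm, pgrp, flags) from one /proc/<pid>/stat line.

    comm is wrapped in parentheses and may contain spaces or ')', so the
    fixed fields are located after the LAST ')' instead of by whitespace.
    """
    lpar, rpar = line.index("("), line.rindex(")")
    rest = line[rpar + 1:].split()
    # rest: state, ppid, pgrp, session, tty_nr, tpgid, flags, ...
    return int(line[:lpar]), line[lpar + 1:rpar], int(rest[2]), int(rest[6])

def userspace_in_pgrp_zero(stat_lines):
    """List (pid, comm) of non-kernel-thread tasks whose pgrp is 0."""
    hits = []
    for line in stat_lines:
        try:
            pid, comm, pgrp, flags = parse_stat(line)
        except (ValueError, IndexError):
            continue  # malformed or truncated line
        if pgrp == 0 and not flags & PF_KTHREAD:
            hits.append((pid, comm))
    return hits

def read_proc(root="/proc"):
    """Yield the stat line of every task directory under root."""
    for name in os.listdir(root):
        if name.isdigit():
            try:
                with open(os.path.join(root, name, "stat")) as f:
                    yield f.read()
            except OSError:
                continue  # task exited while we were scanning

# Constructed sample lines (truncated after the flags field), not real output.
SAMPLE = [
    "2 (kthreadd) S 0 0 0 0 -1 2129984 0 0",
    "412 (custom helper) S 1 0 0 0 -1 4202496 0 0",
    "900 (bash) S 899 900 900 34816 900 4202496 0 0",
    "77 (a) b) S 1 0 0 0 -1 4194304 0 0",
]

if __name__ == "__main__":
    for pid, comm in userspace_in_pgrp_zero(read_proc()):
        print("pid %d (%s) is a userspace process in process group 0" % (pid, comm))
```

Kernel threads normally sit in process group 0, which is why they are filtered out; any remaining hit is a userspace process that meets the condition described in the report.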

