248754 – (CVE-2008-5182) Linux: <2.6.27.8 inotify race conditions (CVE-2008-5182)

Bug 248754 (CVE-2008-5182) - Linux: <2.6.27.8 inotify race conditions (CVE-2008-5182)

Summary: Linux: <2.6.27.8 inotify race conditions (CVE-2008-5182)

Status:	RESOLVED FIXED

Alias:	CVE-2008-5182

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal
Assignee:	Gentoo Security

URL:	http://git.kernel.org/?p=linux/kernel...
Whiteboard:	[linux <2.6.27.8]
Keywords:

Depends on:
Blocks:

Reported:	2008-11-25 09:16 UTC by Stefan Behte (RETIRED)
Modified:	2013-09-05 03:49 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2008-11-25 09:16:53 UTC

CVE-2008-5182 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5182):
  The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might
  allow local users to gain privileges via unknown vectors related to
  race conditions in inotify watch removal and umount.

Comment 1 Gordon Malm (RETIRED) gentoo-dev

2008-12-06 20:34:18 UTC

http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git;a=blob;f=releases/2.6.27.8/fix-inotify-watch-removal-umount-races.patch;h=b446894e9fbc7b58817a569f68255d1259cdac77;hb=1db886b63e735c3439e5c2f6813c5207c2206895

Comment 2 Axel Dyks 2008-12-06 22:52:08 UTC

(In reply to comment #1)
> http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git;a=blob;f=releases/2.6.27.8/fix-inotify-watch-removal-umount-races.patch;h=b446894e9fbc7b58817a569f68255d1259cdac77;hb=1db886b63e735c3439e5c2f6813c5207c2206895
> 
gentoo-sources-2.6.26-r4 are based on 2.6.27.8.
Just marked stable on x86/amd64 by dsd.

Comment 3 Axel Dyks 2008-12-06 22:53:22 UTC

Argh! It's .26 not .27 sorry.

Comment 4 Axel Dyks 2008-12-08 01:04:36 UTC

(In reply to comment #3)
> Argh! It's .26 not .27 sorry.

Daniel just added this patch to genpatches (Version 5) for 2.6.26

  http://sources.gentoo.org/viewcvs.py/linux-patches?rev=1424&view=rev

and has released 2.6.26-r4 (already stable on x86/amd64).

Does this mean the bug can be closed?

Comment 5 kfm 2009-07-21 00:25:02 UTC

Amended the Status Whiteboard. hardened-kernel unaffected at present time. Removing alias.

PS: genpatches-2.6.27-7 added 2.6.27.8 and, as Axel pointed out, >=genpatches-2.6.26-5 is unaffected. =genpatches-2.6.25* remains vulnerable.
However, hardened-sources-2.6.25-r13 does not because we independently folded
in the same patch.