Gentoo Bug 87573 - Kernel: Deadlock Error in futex Functions Let Local Users Deny Service (CAN-2005-0937)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	87573
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Jean-François Brunette (RETIRED) <formula7@gentoo.org>
Add CC:
CC:

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 87573 depends on:			Show dependency tree Show dependency graph
Bug 87573 blocks:			Show dependency tree Show dependency graph

Additional Comments: (this is where you put emerge --info)

Add to CC list

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2005-04-01 09:04 0000

Description:  A vulnerability was reported in the LInux kernel futex functions.
A local user can cause the kernel to crash.

Some kernel futex functions invoke get_user() calls while holding mmap_sem for
reading. If a get_user() function fails while another thread is in mmap, then
the do_page_fault() function will deadlock.

Another similar deadlock condition may occur.

A local user can exploit this to cause denial of service conditions on the
target system.

The flaw resides in 'kernel/futex.c'.

Olof Johansson reported this vulnerability.
Impact:  A local user can cause the target system to crash.
Solution:  A development patch (and changeset) is available, as described at:

http://lkml.org/lkml/2005/2/22/185

------- Comment #1 From Tim Yamin (RETIRED) 2005-04-09 11:00:35 0000 -------

Patch:

http://linux.bkbits.net:8080/linux-2.6/gnupatch@421cfc11zFsK9gxvSJ2t__FCmuUd3Q

------- Comment #2 From Joshua Kinard 2005-04-23 22:29:47 0000 -------

mips-sources fixed.

------- Comment #3 From Robert Paskowitz (RETIRED) 2005-05-17 16:38:33 0000 -------

Same old, same old: http://kiss.gentoo.org/dev/viewBug.php?BugID=87573

------- Comment #4 From Tim Yamin (RETIRED) 2005-05-27 11:40:57 0000 -------

All fixed, closing bug.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 87573

Kernel: Deadlock Error in futex Functions Let Local Users Deny Service (CAN-2005-0937)

Last modified: 2005-05-27 11:40:57 0000