Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 87573 - Kernel: Deadlock Error in futex Functions Let Local Users Deny Service (CAN-2005-0937)
Summary: Kernel: Deadlock Error in futex Functions Let Local Users Deny Service (CAN-2...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
URL: http://securitytracker.com/alerts/200...
Whiteboard: [linux >=2.6 < 2.6.11]
Keywords:
Depends on:
Blocks:
 
Reported: 2005-04-01 09:04 UTC by Jean-François Brunette (RETIRED)
Modified: 2009-05-03 14:29 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jean-François Brunette (RETIRED) gentoo-dev 2005-04-01 09:04:22 UTC
Description:  A vulnerability was reported in the LInux kernel futex functions. A local user can cause the kernel to crash.

Some kernel futex functions invoke get_user() calls while holding mmap_sem for reading. If a get_user() function fails while another thread is in mmap, then the do_page_fault() function will deadlock.

Another similar deadlock condition may occur.

A local user can exploit this to cause denial of service conditions on the target system.

The flaw resides in 'kernel/futex.c'.

Olof Johansson reported this vulnerability.
Impact:  A local user can cause the target system to crash.
Solution:  A development patch (and changeset) is available, as described at:

http://lkml.org/lkml/2005/2/22/185
Comment 2 Joshua Kinard gentoo-dev 2005-04-23 22:29:47 UTC
mips-sources fixed.
Comment 3 Robert Paskowitz (RETIRED) gentoo-dev 2005-05-17 16:38:33 UTC
Same old, same old: http://kiss.gentoo.org/dev/viewBug.php?BugID=87573
Comment 4 Tim Yamin (RETIRED) gentoo-dev 2005-05-27 11:40:57 UTC
All fixed, closing bug.