Bug#: 87913
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Jean-François Brunette (RETIRED) <formula7@gentoo.org>
Attachment: arch-ppc64-hugepage-aio-panic.patch
Attachment description: patch to rectify CAN-2005-0916
Attachment type: patch
Attachment creator: Kerin Millar
Attachment created: 2005-04-11 12:12 0000
Attachment size: 7.76 KB

Description:   Opened: 2005-04-04 07:44 0000
Daniel McNeil has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the AIO (Asynchronous I/O) support within the "is_hugepage_only_range()" function. This can be exploited via a specially crafted program calling the "io_queue_init()" function and then exiting without calling the "io_queue_release()" function.

Successful exploitation crashes the system on PPC64 and IA64 architectures, but requires that CONFIG_HUGETLB_PAGE is enabled.

The vulnerability has been reported in versions 2.6.8 and 2.6.11. Other versions may also be affected.

Solution:
Grant only trusted users access to affected systems.
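
The exposure conditions stated in the description above (PPC64 or IA64, with CONFIG_HUGETLB_PAGE enabled), written as an added shell check that is not part of the original report or the attached patch; the function name `hugetlb_aio_exposure` and its arguments are assumptions made for this example. It does not look at the kernel version, because the report says versions other than 2.6.8 and 2.6.11 may also be affected.

```shell
#!/bin/sh
# Added example: tests the two preconditions named in the advisory text.
# The function name and argument layout are hypothetical, not from the bug.
#
# hugetlb_aio_exposure ARCH CONFIG_FILE
#   ARCH         machine name as printed by `uname -m`
#   CONFIG_FILE  kernel config, plain text (.config) or gzip (/proc/config.gz)
# Prints one verdict line. Returns 0 when both preconditions hold,
# 1 when at least one does not, 2 when the config cannot be read.
# Typical call: hugetlb_aio_exposure "$(uname -m)" /proc/config.gz
hugetlb_aio_exposure() {
    arch=$1
    cfg=$2

    [ -r "$cfg" ] || { echo "unknown: cannot read $cfg"; return 2; }

    # The advisory names only PPC64 and IA64 as crashing.
    case $arch in
        ppc64|ia64) ;;
        *) echo "not exposed: $arch is not ppc64/ia64"; return 1 ;;
    esac

    # /proc/config.gz is compressed; a build tree's .config is plain text.
    case $cfg in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac

    # Only "=y" counts; "# CONFIG_HUGETLB_PAGE is not set" must not match.
    if $reader "$cfg" | grep -q '^CONFIG_HUGETLB_PAGE=y$'; then
        echo "exposed: $arch with CONFIG_HUGETLB_PAGE=y"
        return 0
    fi
    echo "not exposed: CONFIG_HUGETLB_PAGE is not enabled"
    return 1
}
```

A return of 0 only means the preconditions from the advisory are present; whether the running kernel carries the fix still has to be confirmed against the kernel package version.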

------- Comment #1 From Kerin Millar 2005-04-11 12:10:40 0000 -------
Daniel McNeil also came up with a patch which I shall attach here (lifted
verbatim from Debian's patchset). Reference:

http://linux.bkbits.net:8080/linux-2.6/cset@4248c8c0es30_4YVdwa6vteKi7h_nw

------- Comment #2 From Kerin Millar 2005-04-11 12:12:06 0000 -------
Created an attachment (id=56012) [details]
patch to rectify CAN-2005-0916

This instance was taken from debian-2.6.11-2. Also available from:
http://linux.bkbits.net:8080/linux-2.6/cset@4248c8c0es30_4YVdwa6vteKi7h_nw

------- Comment #3 From Joshua Kinard 2005-04-23 22:29:43 0000 -------
mips-sources fixed.

------- Comment #4 From solar 2005-05-02 07:47:02 0000 -------
Kumba, does this affect the mips arch?
The advisory only mentions ia64 and ppc64.

------- Comment #5 From Tim Yamin (RETIRED) 2005-05-05 13:36:16 0000 -------
Kernel maintainers: This affects 2.6.11 so gentoo-sources et al. still need
patching.

------- Comment #6 From Daniel Drake 2005-05-10 15:51:04 0000 -------
Fixed in gentoo-sources-2.6.11-r8

------- Comment #7 From Markus Rothe 2005-05-11 09:35:46 0000 -------
stable on ppc64

------- Comment #8 From Aron Griffis (RETIRED) 2005-05-11 19:36:26 0000 -------
stable on ia64

------- Comment #9 From Joshua Kinard 2005-05-17 21:06:54 0000 -------
solar: Because the patch touches files in mm/ and include/linux/, I felt it
prudent to add it into our patchset anyways.  While the chances of it affecting
us are incredibly slim, if none at all, it shouldn't hurt things to include it
on the off chance.

------- Comment #10 From Tim Yamin (RETIRED) 2005-11-26 03:06:53 0000 -------
All fixed, closing bug.
