416977 – (CVE-2012-2373) Kernel mmap_sem Denial of Service Vulnerability (CVE-2012-2373)

Bug 416977 (CVE-2012-2373) - Kernel mmap_sem Denial of Service Vulnerability (CVE-2012-2373)

Summary: Kernel mmap_sem Denial of Service Vulnerability (CVE-2012-2373)

Status:	RESOLVED OBSOLETE

Alias:	CVE-2012-2373

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Kernel Security

URL:	http://permalink.gmane.org/gmane.linu...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-05-21 21:16 UTC by the_eccentric
Modified:	2018-04-04 18:12 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description the_eccentric 2012-05-21 21:16:08 UTC

Linux Kernel mmap_sem Denial of Service Vulnerability
The vulnerability is caused due to a race condition error when holding the mmap_sem lock for reading and can be exploited to cause a crash. This should be a longstanding bug affecting x86 32bit PAE without
THP. Only archs with 64bit large pmd_t and 32bit unsigned long should
be affected.

Reproducible: Always

Comment 1 Tim Sammut (RETIRED) gentoo-dev

2012-05-23 06:04:22 UTC

@kernel, would you mind determining if this affects stable versions of in-tree kernels? Tnx muchly.

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2018-04-04 18:12:09 UTC

There are no longer any 2.x or <3.4.5 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.