Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 170865 (CVE-2007-0006)

Summary: Kernel: spinlock CPU recursion (CVE-2007-0006)
Product: Gentoo Security Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://bugzilla.kernel.org/show_bug.cgi?id=7727
Whiteboard: [linux < 2.6.16.42][linux >= 2.6.17 < 2.6.19.5][linux >= 2.6.20 < 2.6.20.2][gp < 2.6.19-8][gp >= 2.6.20-1 < 2.6.20-3]
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-03-14 12:53:42 UTC 
Not sure wether this is fixed in all 2.6.18 sources:

------- Additional Comment #8 From David Howells 2007-02-06 03:12 -------  
Okay... Found it: the key serial number collision avoidance code is wrong.

This didn't use to be a problem as the key serial numbers were allocated from 
a simple incremented counter, and you'd have to go through 2 billion keys 
before encountering a collision.

However, now that random numbers are used instead, collisions are much more 
likely.
Comment 1 Lubomir Rintel 2007-03-15 10:54:14 UTC 
CVE-2007-0006
Comment 2 unnamedrambler 2008-03-07 19:42:26 UTC 
proposed metadata:
[linux < 2.6.16.42] a0cd22f8e3a0cd4f6d8b08103629cbbc29a0c9fb
[linux >= 2.6.17 < 2.6.19.5] 76d21f587d66f8508f6448c7253e46ff1881bec9
[linux >= 2.6.20 < 2.6.20.2] dbd60d51abaf4c31f4c4b5e521745af301535447
also patched in linux 2.6.21 9ad0830f307bcd8dc285cfae58998d43b21727f4

[gp < 2.6.19-8]
[gp >= 2.6.20-1 < 2.6.20-3]