
Bug 220691 (CVE-2008-1669)

Summary: Kernel: SMP ordering hole in fcntl_setlk() (CVE-2008-1669)
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Kernel Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: gengor, kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9
Whiteboard: [linux > 2.4.19 <2.6.25.2]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-05-06 23:16:22 UTC
[PATCH] fix SMP ordering hole in fcntl_setlk()

fcntl_setlk()/close() race prevention has a subtle hole - we need to
make sure that if we *do* have an fcntl/close race on SMP box, the
access to descriptor table and inode->i_flock won't get reordered.
...
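
The ordering requirement in the description above, as an added example that is not part of the bug report or the kernel patch: a small C model that enumerates every interleaving of an fcntl_setlk()-like path (publish the lock, then recheck the descriptor) and a close()-like path (clear the slot, then look for locks). The one-entry store-buffer model, the step order within each path, and all names (`replay`, `leaking_executions`, `fd_slot`) are assumptions made for illustration.

```c
#include <stdio.h>

/* Toy model (assumption, not kernel code): each CPU has a one-entry store
 * buffer. Per-CPU ops: 'S' store into buffer, 'F' flush it to memory,
 * 'L' load the other side's variable. "SLF" = the load passes the store. */
static const char *ORDERS[2] = { "SFL", "SLF" };

/* Replay one interleaving; bit i of pick says which CPU runs step i.
 * Returns 1 when a lock is left behind on a descriptor that was closed. */
static int replay(const char *a, const char *b, unsigned pick)
{
    int fd_slot = 1, i_flock = 0;       /* memory: fd open, no lock yet */
    int a_saw_fd = 0, b_saw_lock = 0, ia = 0, ib = 0;

    for (int step = 0; step < 6; step++) {
        if ((pick >> step) & 1) {       /* CPU A: fcntl_setlk()-like path */
            char op = a[ia++];
            if (op == 'F') i_flock = 1;             /* lock becomes visible */
            if (op == 'L') a_saw_fd = fd_slot;      /* recheck descriptor */
        } else {                        /* CPU B: close()-like path */
            char op = b[ib++];
            if (op == 'F') fd_slot = 0;             /* slot cleared */
            if (op == 'L') b_saw_lock = i_flock;    /* any locks to drop? */
        }
    }
    return a_saw_fd == 1 && b_saw_lock == 0;  /* A keeps lock, B saw none */
}

/* Count leaking executions over all interleavings. A non-zero barrier flag
 * forces that CPU to flush its store before its load ("SFL" only). */
int leaking_executions(int barrier_a, int barrier_b)
{
    int leaks = 0;
    for (int oa = 0; oa < (barrier_a ? 1 : 2); oa++)
        for (int ob = 0; ob < (barrier_b ? 1 : 2); ob++)
            for (unsigned pick = 0; pick < 64; pick++) {
                int bits = 0;
                for (unsigned p = pick; p; p >>= 1) bits += p & 1;
                if (bits == 3)          /* each CPU gets exactly 3 steps */
                    leaks += replay(ORDERS[oa], ORDERS[ob], pick);
            }
    return leaks;
}

int main(void)
{
    printf("no barriers:  %d leaking executions\n", leaking_executions(0, 0));
    printf("both ordered: %d leaking executions\n", leaking_executions(1, 1));
}
```

In this model only the case where both paths are ordered yields zero leaking executions; ordering one side alone still leaves reachable leaks.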
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-05-08 18:01:44 UTC
Name:      CVE-2008-1669

Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for
fcntl functionality, which allows local users to (1) execute code in parallel
or (2) exploit a race condition to obtain "re-ordered access to the descriptor
table."