Bug 291904 (CVE-2009-3547)

Summary:

Kernel: fs/pipe.c race condition DoS/PrivEsc (CVE-2009-3547)

Product:

Gentoo Security

Reporter:

Alex Legler (RETIRED) <a3li>

Component:

Kernel

Assignee:

Gentoo Security <security>

Status:

RESOLVED FIXED

Severity:

major

CC:

hardened-kernel+disabled, jaak, kernel, pacho

Priority:

High

Version:

unspecified

Hardware:

All

OS:

Linux

URL:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad3960243e55320d74195fb85c975e0a8cc4466c

Whiteboard:

[linux <2.6.27.39] [linux >=2.6.28 <2.6.31.6] [gp <2.6.30-10] [gp >=2.6.31-1 <2.6.31-6]

Package list:

Runtime testing required:

---

Attachments:

Description	Flags
Fix for CVE-2009-3547	none

Description Alex Legler (RETIRED) archtester

2009-11-04 20:19:39 UTC

CVE-2009-3547 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3547):
  Multiple race conditions in fs/pipe.c in the Linux kernel before
  2.6.32-rc6 allow local users to cause a denial of service (NULL
  pointer dereference and system crash) or gain privileges by
  attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

Comment 1 kfm 2009-11-04 21:55:11 UTC

Created attachment 209281 [details, diff]
Fix for CVE-2009-3547

Comment 2 kfm 2009-11-04 22:03:39 UTC

Further information: http://xorl.wordpress.com/2009/11/03/cve-2009-3547-linux-kernel-pipe-null-pointer-dereference-race-condition/

Comment 3 Alex Legler (RETIRED) archtester

2009-11-05 11:25:17 UTC

Kernel: please include this patch at least in the .31 you want to stabilize.

Comment 4 Mike Pagano gentoo-dev

2009-11-06 01:26:13 UTC

In svn for the next release of gentoo-sources-2.6.31

Comment 5 Mike Pagano gentoo-dev

2009-11-06 01:59:17 UTC

and in svn for 2.6.30, also

Comment 6 Mike Pagano gentoo-dev

2009-11-06 14:37:03 UTC

released in gentoo-sources-2.6.30-r9 (genpatches 2.6.30-10) and gentoo-sources-2.6.31 (gentpatches 2.6.31-6)