
Bug 405545 (CVE-2012-0879)

Summary: linux < 2.6.33(-rc1) kernel: block: CLONE_IO io_context refcounting issues (CVE-2012-0879)
Product: Gentoo Security
Reporter: Michael Harrison <n0idx80>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED OBSOLETE
Severity: minor
CC: kernel
Priority: Normal
Keywords: PATCH
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugzilla.redhat.com/show_bug.cgi?id=796829
Whiteboard: [linux < 2.6.33(-rc1)]
Package list:
Runtime testing required: ---

Description Michael Harrison 2012-02-24 10:09:59 UTC
With CLONE_IO, copy_io() increments both ioc->refcount and ioc->nr_tasks.
However exit_io_context() only decrements ioc->refcount if ioc->nr_tasks
reaches 0.

With CLONE_IO, parent's io_context->nr_tasks is incremented, but never
decremented whenever copy_process() fails afterwards, which prevents
exit_io_context() from calling IO schedulers exit functions.

An unprivileged local user could use these flaws to cause denial of service.

Upstream fixes:
61cc74fbb87af6aa551a06a370590c9bc07e29d9
b69f2292063d2caf37ca9aec7d63ded203701bf3

References:
http://comments.gmane.org/gmane.linux.kernel/922519
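
The counter imbalance described in the report above, as a simplified user-space C model added here for illustration (not kernel code and not taken from the upstream fixes). The struct, the function names, the "balanced" variant and the assumption that the failed-clone cleanup still drops the reference are all hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
/* Simplified user-space model of the two io_context counters (not kernel code). */
struct ioc_model {
    int refcount, nr_tasks;   /* the two counters named in the report */
    bool sched_exit, freed;   /* scheduler exit hook ran / structure released */
};
static void model_put(struct ioc_model *ioc) {
    if (--ioc->refcount == 0) ioc->freed = true;
}

/* CLONE_IO sharing as the report describes copy_io(): both counters go up. */
static void model_copy_io(struct ioc_model *ioc) {
    ioc->refcount++;
    ioc->nr_tasks++;
}

/* Task exit. balanced=false follows the report: the reference is dropped only
 * when nr_tasks reaches 0. balanced=true (hypothetical) drops one per exit. */
static void model_exit(struct ioc_model *ioc, bool balanced) {
    bool last = (--ioc->nr_tasks == 0);
    if (last) ioc->sched_exit = true;
    if (last || balanced) model_put(ioc);
}

/* Scenario 1: parent plus one CLONE_IO child, both exit normally. */
static struct ioc_model run_shared_exit(bool balanced) {
    struct ioc_model ioc = { 1, 1, false, false };
    model_copy_io(&ioc);
    model_exit(&ioc, balanced);   /* child exits */
    model_exit(&ioc, balanced);   /* parent exits */
    return ioc;
}

/* Scenario 2: clone fails after copy_io(). undo_nr_tasks=false leaves nr_tasks
 * raised, as reported (assumption: cleanup still drops the reference). */
static struct ioc_model run_failed_clone(bool undo_nr_tasks) {
    struct ioc_model ioc = { 1, 1, false, false };
    model_copy_io(&ioc);
    if (undo_nr_tasks) model_exit(&ioc, true);   /* cleanup undoes both counters */
    else model_put(&ioc);                        /* cleanup drops the reference only */
    model_exit(&ioc, true);                      /* parent exits later */
    return ioc;
}

int main(void) {
    printf("shared exit leaves refcount=%d; failed clone sched_exit=%d\n",
           run_shared_exit(false).refcount, run_failed_clone(false).sched_exit);
    return 0;
}
```

In the model, the first scenario ends with a reference that nothing will ever drop, and the second ends with nr_tasks stuck above zero so the scheduler exit step never runs.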
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 18:08:38 UTC
There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.